Diffstat (limited to 'core/jni')
-rw-r--r--core/jni/Android.mk8
-rw-r--r--core/jni/AndroidRuntime.cpp4
-rw-r--r--core/jni/android/graphics/Bitmap.cpp14
-rw-r--r--core/jni/android/graphics/CreateJavaOutputStreamAdaptor.cpp2
-rw-r--r--core/jni/android_os_FileUtils.cpp99
-rw-r--r--core/jni/android_os_SELinux.cpp541
-rw-r--r--core/jni/android_os_StatFs.cpp163
7 files changed, 563 insertions, 268 deletions
diff --git a/core/jni/Android.mk b/core/jni/Android.mk
index c24f6c6..6f3653d 100644
--- a/core/jni/Android.mk
+++ b/core/jni/Android.mk
@@ -66,7 +66,7 @@ LOCAL_SRC_FILES:= \
android_os_MessageQueue.cpp \
android_os_ParcelFileDescriptor.cpp \
android_os_Parcel.cpp \
- android_os_StatFs.cpp \
+ android_os_SELinux.cpp \
android_os_SystemClock.cpp \
android_os_SystemProperties.cpp \
android_os_Trace.cpp \
@@ -218,6 +218,12 @@ LOCAL_SHARED_LIBRARIES := \
libharfbuzz \
libz
+ifeq ($(HAVE_SELINUX),true)
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_SHARED_LIBRARIES += libselinux
+LOCAL_CFLAGS += -DHAVE_SELINUX
+endif # HAVE_SELINUX
+
ifeq ($(USE_OPENGL_RENDERER),true)
LOCAL_SHARED_LIBRARIES += libhwui
endif
diff --git a/core/jni/AndroidRuntime.cpp b/core/jni/AndroidRuntime.cpp
index 241a905..d08e651 100644
--- a/core/jni/AndroidRuntime.cpp
+++ b/core/jni/AndroidRuntime.cpp
@@ -133,7 +133,7 @@ extern int register_android_os_Debug(JNIEnv* env);
extern int register_android_os_MessageQueue(JNIEnv* env);
extern int register_android_os_Parcel(JNIEnv* env);
extern int register_android_os_ParcelFileDescriptor(JNIEnv *env);
-extern int register_android_os_StatFs(JNIEnv *env);
+extern int register_android_os_SELinux(JNIEnv* env);
extern int register_android_os_SystemProperties(JNIEnv *env);
extern int register_android_os_SystemClock(JNIEnv* env);
extern int register_android_os_Trace(JNIEnv* env);
@@ -1146,7 +1146,7 @@ static const RegJNIRec gRegJNI[] = {
REG_JNI(register_android_os_FileUtils),
REG_JNI(register_android_os_MessageQueue),
REG_JNI(register_android_os_ParcelFileDescriptor),
- REG_JNI(register_android_os_StatFs),
+ REG_JNI(register_android_os_SELinux),
REG_JNI(register_android_os_Trace),
REG_JNI(register_android_os_UEventObserver),
REG_JNI(register_android_net_LocalSocketImpl),
diff --git a/core/jni/android/graphics/Bitmap.cpp b/core/jni/android/graphics/Bitmap.cpp
index 3c27caf..1bba5b4 100644
--- a/core/jni/android/graphics/Bitmap.cpp
+++ b/core/jni/android/graphics/Bitmap.cpp
@@ -298,8 +298,18 @@ static bool Bitmap_compress(JNIEnv* env, jobject clazz, SkBitmap* bitmap,
}
bool success = false;
- SkWStream* strm = CreateJavaOutputStreamAdaptor(env, jstream, jstorage);
- if (NULL != strm) {
+ if (NULL != bitmap) {
+ SkAutoLockPixels alp(*bitmap);
+
+ if (NULL == bitmap->getPixels()) {
+ return false;
+ }
+
+ SkWStream* strm = CreateJavaOutputStreamAdaptor(env, jstream, jstorage);
+ if (NULL == strm) {
+ return false;
+ }
+
SkImageEncoder* encoder = SkImageEncoder::Create(fm);
if (NULL != encoder) {
success = encoder->encodeStream(strm, *bitmap, quality);
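Review bot: The new `NULL == bitmap->getPixels()` guard returns false with no comment or log line saying which case it covers, so a reader cannot tell from the hunk why pixels may be missing after the lock. A one-line comment above it, such as `// No pixel memory after locking (presumably a recycled bitmap): nothing to encode.`, would record the intent. The block also mixes two early `return false` exits with the `success` flag that is set further down; one style would make the exit paths easier to audit. Bitmap_compress starts before and continues after this hunk, so the cleanup of `strm` and `encoder` is not visible here.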
diff --git a/core/jni/android/graphics/CreateJavaOutputStreamAdaptor.cpp b/core/jni/android/graphics/CreateJavaOutputStreamAdaptor.cpp
index 6ce3f51..aa4cbde 100644
--- a/core/jni/android/graphics/CreateJavaOutputStreamAdaptor.cpp
+++ b/core/jni/android/graphics/CreateJavaOutputStreamAdaptor.cpp
@@ -164,7 +164,7 @@ SkStream* CreateJavaInputStreamAdaptor(JNIEnv* env, jobject stream,
RETURN_NULL_IF_NULL(gInputStream_resetMethodID);
RETURN_NULL_IF_NULL(gInputStream_markMethodID);
RETURN_NULL_IF_NULL(gInputStream_availableMethodID);
- RETURN_NULL_IF_NULL(gInputStream_availableMethodID);
+ RETURN_NULL_IF_NULL(gInputStream_readMethodID);
RETURN_NULL_IF_NULL(gInputStream_skipMethodID);
gInited = true;
diff --git a/core/jni/android_os_FileUtils.cpp b/core/jni/android_os_FileUtils.cpp
index 8d65cbc..a07f5b7 100644
--- a/core/jni/android_os_FileUtils.cpp
+++ b/core/jni/android_os_FileUtils.cpp
@@ -33,19 +33,6 @@
namespace android {
-static jfieldID gFileStatusDevFieldID;
-static jfieldID gFileStatusInoFieldID;
-static jfieldID gFileStatusModeFieldID;
-static jfieldID gFileStatusNlinkFieldID;
-static jfieldID gFileStatusUidFieldID;
-static jfieldID gFileStatusGidFieldID;
-static jfieldID gFileStatusSizeFieldID;
-static jfieldID gFileStatusBlksizeFieldID;
-static jfieldID gFileStatusBlocksFieldID;
-static jfieldID gFileStatusAtimeFieldID;
-static jfieldID gFileStatusMtimeFieldID;
-static jfieldID gFileStatusCtimeFieldID;
-
jint android_os_FileUtils_setPermissions(JNIEnv* env, jobject clazz,
jstring file, jint mode,
jint uid, jint gid)
@@ -68,44 +55,6 @@ jint android_os_FileUtils_setPermissions(JNIEnv* env, jobject clazz,
return chmod(file8.string(), mode) == 0 ? 0 : errno;
}
-jint android_os_FileUtils_getPermissions(JNIEnv* env, jobject clazz,
- jstring file, jintArray outArray)
-{
- const jchar* str = env->GetStringCritical(file, 0);
- String8 file8;
- if (str) {
- file8 = String8(str, env->GetStringLength(file));
- env->ReleaseStringCritical(file, str);
- }
- if (file8.size() <= 0) {
- return ENOENT;
- }
- struct stat st;
- if (stat(file8.string(), &st) != 0) {
- return errno;
- }
- jint* array = (jint*)env->GetPrimitiveArrayCritical(outArray, 0);
- if (array) {
- int len = env->GetArrayLength(outArray);
- if (len >= 1) {
- array[0] = st.st_mode;
- }
- if (len >= 2) {
- array[1] = st.st_uid;
- }
- if (len >= 3) {
- array[2] = st.st_gid;
- }
- }
- env->ReleasePrimitiveArrayCritical(outArray, array, 0);
- return 0;
-}
-
-jint android_os_FileUtils_setUMask(JNIEnv* env, jobject clazz, jint mask)
-{
- return umask(mask);
-}
-
jint android_os_FileUtils_getFatVolumeId(JNIEnv* env, jobject clazz, jstring path)
{
if (path == NULL) {
@@ -127,63 +76,15 @@ jint android_os_FileUtils_getFatVolumeId(JNIEnv* env, jobject clazz, jstring pat
return result;
}
-jboolean android_os_FileUtils_getFileStatus(JNIEnv* env, jobject clazz, jstring path, jobject fileStatus) {
- const char* pathStr = env->GetStringUTFChars(path, NULL);
- jboolean ret = false;
-
- struct stat s;
- int res = stat(pathStr, &s);
- if (res == 0) {
- ret = true;
- if (fileStatus != NULL) {
- env->SetIntField(fileStatus, gFileStatusDevFieldID, s.st_dev);
- env->SetIntField(fileStatus, gFileStatusInoFieldID, s.st_ino);
- env->SetIntField(fileStatus, gFileStatusModeFieldID, s.st_mode);
- env->SetIntField(fileStatus, gFileStatusNlinkFieldID, s.st_nlink);
- env->SetIntField(fileStatus, gFileStatusUidFieldID, s.st_uid);
- env->SetIntField(fileStatus, gFileStatusGidFieldID, s.st_gid);
- env->SetLongField(fileStatus, gFileStatusSizeFieldID, s.st_size);
- env->SetIntField(fileStatus, gFileStatusBlksizeFieldID, s.st_blksize);
- env->SetLongField(fileStatus, gFileStatusBlocksFieldID, s.st_blocks);
- env->SetLongField(fileStatus, gFileStatusAtimeFieldID, s.st_atime);
- env->SetLongField(fileStatus, gFileStatusMtimeFieldID, s.st_mtime);
- env->SetLongField(fileStatus, gFileStatusCtimeFieldID, s.st_ctime);
- }
- }
-
- env->ReleaseStringUTFChars(path, pathStr);
-
- return ret;
-}
-
static const JNINativeMethod methods[] = {
{"setPermissions", "(Ljava/lang/String;III)I", (void*)android_os_FileUtils_setPermissions},
- {"getPermissions", "(Ljava/lang/String;[I)I", (void*)android_os_FileUtils_getPermissions},
- {"setUMask", "(I)I", (void*)android_os_FileUtils_setUMask},
{"getFatVolumeId", "(Ljava/lang/String;)I", (void*)android_os_FileUtils_getFatVolumeId},
- {"getFileStatusNative", "(Ljava/lang/String;Landroid/os/FileUtils$FileStatus;)Z", (void*)android_os_FileUtils_getFileStatus},
};
static const char* const kFileUtilsPathName = "android/os/FileUtils";
int register_android_os_FileUtils(JNIEnv* env)
{
- jclass fileStatusClass = env->FindClass("android/os/FileUtils$FileStatus");
- LOG_FATAL_IF(fileStatusClass == NULL, "Unable to find class android.os.FileUtils$FileStatus");
-
- gFileStatusDevFieldID = env->GetFieldID(fileStatusClass, "dev", "I");
- gFileStatusInoFieldID = env->GetFieldID(fileStatusClass, "ino", "I");
- gFileStatusModeFieldID = env->GetFieldID(fileStatusClass, "mode", "I");
- gFileStatusNlinkFieldID = env->GetFieldID(fileStatusClass, "nlink", "I");
- gFileStatusUidFieldID = env->GetFieldID(fileStatusClass, "uid", "I");
- gFileStatusGidFieldID = env->GetFieldID(fileStatusClass, "gid", "I");
- gFileStatusSizeFieldID = env->GetFieldID(fileStatusClass, "size", "J");
- gFileStatusBlksizeFieldID = env->GetFieldID(fileStatusClass, "blksize", "I");
- gFileStatusBlocksFieldID = env->GetFieldID(fileStatusClass, "blocks", "J");
- gFileStatusAtimeFieldID = env->GetFieldID(fileStatusClass, "atime", "J");
- gFileStatusMtimeFieldID = env->GetFieldID(fileStatusClass, "mtime", "J");
- gFileStatusCtimeFieldID = env->GetFieldID(fileStatusClass, "ctime", "J");
-
return AndroidRuntime::registerNativeMethods(
env, kFileUtilsPathName,
methods, NELEM(methods));
diff --git a/core/jni/android_os_SELinux.cpp b/core/jni/android_os_SELinux.cpp
new file mode 100644
index 0000000..e813c38
--- /dev/null
+++ b/core/jni/android_os_SELinux.cpp
@@ -0,0 +1,541 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "SELinuxJNI"
+#include <utils/Log.h>
+
+#include "JNIHelp.h"
+#include "jni.h"
+#include "android_runtime/AndroidRuntime.h"
+#ifdef HAVE_SELINUX
+#include "selinux/selinux.h"
+#include "selinux/android.h"
+#endif
+#include <errno.h>
+
+namespace android {
+
+ static jboolean isSELinuxDisabled = true;
+
+ static void throw_NullPointerException(JNIEnv *env, const char* msg) {
+ jclass clazz;
+ clazz = env->FindClass("java/lang/NullPointerException");
+ env->ThrowNew(clazz, msg);
+ }
+
+ /*
+ * Function: isSELinuxEnabled
+ * Purpose: checks whether SELinux is enabled/disbaled
+ * Parameters: none
+ * Return value : true (enabled) or false (disabled)
+ * Exceptions: none
+ */
+ static jboolean isSELinuxEnabled(JNIEnv *env, jobject classz) {
+
+ return !isSELinuxDisabled;
+ }
+
+ /*
+ * Function: isSELinuxEnforced
+ * Purpose: return the current SELinux enforce mode
+ * Parameters: none
+ * Return value: true (enforcing) or false (permissive)
+ * Exceptions: none
+ */
+ static jboolean isSELinuxEnforced(JNIEnv *env, jobject clazz) {
+#ifdef HAVE_SELINUX
+ return (security_getenforce() == 1) ? true : false;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: setSELinuxEnforce
+ * Purpose: set the SE Linux enforcing mode
+ * Parameters: true (enforcing) or false (permissive)
+ * Return value: true (success) or false (fail)
+ * Exceptions: none
+ */
+ static jboolean setSELinuxEnforce(JNIEnv *env, jobject clazz, jboolean value) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return false;
+
+ int enforce = (value) ? 1 : 0;
+
+ return (security_setenforce(enforce) != -1) ? true : false;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: getPeerCon
+ * Purpose: retrieves security context of peer socket
+ * Parameters:
+ * fileDescriptor: peer socket file as a FileDescriptor object
+ * Returns: jstring representing the security_context of socket or NULL if error
+ * Exceptions: NullPointerException if fileDescriptor object is NULL
+ */
+ static jstring getPeerCon(JNIEnv *env, jobject clazz, jobject fileDescriptor) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return NULL;
+
+ if (fileDescriptor == NULL) {
+ throw_NullPointerException(env, "Trying to check security context of a null peer socket.");
+ return NULL;
+ }
+
+ security_context_t context = NULL;
+ jstring securityString = NULL;
+
+ int fd = jniGetFDFromFileDescriptor(env, fileDescriptor);
+
+ if (env->ExceptionOccurred() != NULL) {
+ ALOGE("There was an issue with retrieving the file descriptor");
+ goto bail;
+ }
+
+ if (getpeercon(fd, &context) == -1)
+ goto bail;
+
+ ALOGV("getPeerCon: Successfully retrived context of peer socket '%s'", context);
+
+ securityString = env->NewStringUTF(context);
+
+ bail:
+ if (context != NULL)
+ freecon(context);
+
+ return securityString;
+#else
+ return NULL;
+#endif
+ }
+
+ /*
+ * Function: setFSCreateCon
+ * Purpose: set security context used for creating a new file system object
+ * Parameters:
+ * context: security_context_t representing the new context of a file system object,
+ * set to NULL to return to the default policy behavior
+ * Returns: true on success, false on error
+ * Exception: none
+ */
+ static jboolean setFSCreateCon(JNIEnv *env, jobject clazz, jstring context) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return false;
+
+ char * securityContext = NULL;
+ const char *constant_securityContext = NULL;
+
+ if (context != NULL) {
+ constant_securityContext = env->GetStringUTFChars(context, NULL);
+
+ // GetStringUTFChars returns const char * yet setfscreatecon needs char *
+ securityContext = const_cast<char *>(constant_securityContext);
+ }
+
+ int ret;
+ if ((ret = setfscreatecon(securityContext)) == -1)
+ goto bail;
+
+ ALOGV("setFSCreateCon: set new security context to '%s' ", context == NULL ? "default", context);
+
+ bail:
+ if (constant_securityContext != NULL)
+ env->ReleaseStringUTFChars(context, constant_securityContext);
+
+ return (ret == 0) ? true : false;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: setFileCon
+ * Purpose: set the security context of a file object
+ * Parameters:
+ * path: the location of the file system object
+ * con: the new security context of the file system object
+ * Returns: true on success, false on error
+ * Exception: NullPointerException is thrown if either path or context strign are NULL
+ */
+ static jboolean setFileCon(JNIEnv *env, jobject clazz, jstring path, jstring con) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return false;
+
+ if (path == NULL) {
+ throw_NullPointerException(env, "Trying to change the security context of a NULL file object.");
+ return false;
+ }
+
+ if (con == NULL) {
+ throw_NullPointerException(env, "Trying to set the security context of a file object with NULL.");
+ return false;
+ }
+
+ const char *objectPath = env->GetStringUTFChars(path, NULL);
+ const char *constant_con = env->GetStringUTFChars(con, NULL);
+
+ // GetStringUTFChars returns const char * yet setfilecon needs char *
+ char *newCon = const_cast<char *>(constant_con);
+
+ int ret;
+ if ((ret = setfilecon(objectPath, newCon)) == -1)
+ goto bail;
+
+ ALOGV("setFileCon: Succesfully set security context '%s' for '%s'", newCon, objectPath);
+
+ bail:
+ env->ReleaseStringUTFChars(path, objectPath);
+ env->ReleaseStringUTFChars(con, constant_con);
+ return (ret == 0) ? true : false;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: getFileCon
+ * Purpose: retrieves the context associated with the given path in the file system
+ * Parameters:
+ * path: given path in the file system
+ * Returns:
+ * string representing the security context string of the file object
+ * the string may be NULL if an error occured
+ * Exceptions: NullPointerException if the path object is null
+ */
+ static jstring getFileCon(JNIEnv *env, jobject clazz, jstring path) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return NULL;
+
+ if (path == NULL) {
+ throw_NullPointerException(env, "Trying to check security context of a null path.");
+ return NULL;
+ }
+
+ const char *objectPath = env->GetStringUTFChars(path, NULL);
+
+ security_context_t context = NULL;
+ jstring securityString = NULL;
+
+ if (getfilecon(objectPath, &context) == -1)
+ goto bail;
+
+ ALOGV("getFileCon: Successfully retrived context '%s' for file '%s'", context, objectPath);
+
+ securityString = env->NewStringUTF(context);
+
+ bail:
+ if (context != NULL)
+ freecon(context);
+
+ env->ReleaseStringUTFChars(path, objectPath);
+
+ return securityString;
+#else
+ return NULL;
+#endif
+ }
+
+ /*
+ * Function: getCon
+ * Purpose: Get the context of the current process.
+ * Parameters: none
+ * Returns: a jstring representing the security context of the process,
+ * the jstring may be NULL if there was an error
+ * Exceptions: none
+ */
+ static jstring getCon(JNIEnv *env, jobject clazz) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return NULL;
+
+ security_context_t context = NULL;
+ jstring securityString = NULL;
+
+ if (getcon(&context) == -1)
+ goto bail;
+
+ ALOGV("getCon: Successfully retrieved context '%s'", context);
+
+ securityString = env->NewStringUTF(context);
+
+ bail:
+ if (context != NULL)
+ freecon(context);
+
+ return securityString;
+#else
+ return NULL;
+#endif
+ }
+
+ /*
+ * Function: getPidCon
+ * Purpose: Get the context of a process identified by its pid
+ * Parameters:
+ * pid: a jint representing the process
+ * Returns: a jstring representing the security context of the pid,
+ * the jstring may be NULL if there was an error
+ * Exceptions: none
+ */
+ static jstring getPidCon(JNIEnv *env, jobject clazz, jint pid) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return NULL;
+
+ security_context_t context = NULL;
+ jstring securityString = NULL;
+
+ pid_t checkPid = (pid_t)pid;
+
+ if (getpidcon(checkPid, &context) == -1)
+ goto bail;
+
+ ALOGV("getPidCon: Successfully retrived context '%s' for pid '%d'", context, checkPid);
+
+ securityString = env->NewStringUTF(context);
+
+ bail:
+ if (context != NULL)
+ freecon(context);
+
+ return securityString;
+#else
+ return NULL;
+#endif
+ }
+
+ /*
+ * Function: getBooleanNames
+ * Purpose: Gets a list of the SELinux boolean names.
+ * Parameters: None
+ * Returns: an array of strings containing the SELinux boolean names.
+ * returns NULL string on error
+ * Exceptions: None
+ */
+ static jobjectArray getBooleanNames(JNIEnv *env, JNIEnv clazz) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return NULL;
+
+ char **list;
+ int i, len, ret;
+ jclass stringClass;
+ jobjectArray stringArray = NULL;
+
+ if (security_get_boolean_names(&list, &len) == -1)
+ return NULL;
+
+ stringClass = env->FindClass("java/lang/String");
+ stringArray = env->NewObjectArray(len, stringClass, env->NewStringUTF(""));
+ for (i = 0; i < len; i++) {
+ jstring obj;
+ obj = env->NewStringUTF(list[i]);
+ env->SetObjectArrayElement(stringArray, i, obj);
+ env->DeleteLocalRef(obj);
+ free(list[i]);
+ }
+ free(list);
+
+ return stringArray;
+#else
+ return NULL;
+#endif
+ }
+
+ /*
+ * Function: getBooleanValue
+ * Purpose: Gets the value for the given SELinux boolean name.
+ * Parameters:
+ * String: The name of the SELinux boolean.
+ * Returns: a boolean: (true) boolean is set or (false) it is not.
+ * Exceptions: None
+ */
+ static jboolean getBooleanValue(JNIEnv *env, jobject clazz, jstring name) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return false;
+
+ const char *boolean_name;
+ int ret;
+
+ if (name == NULL)
+ return false;
+ boolean_name = env->GetStringUTFChars(name, NULL);
+ ret = security_get_boolean_active(boolean_name);
+ env->ReleaseStringUTFChars(name, boolean_name);
+ return (ret == 1) ? true : false;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: setBooleanNames
+ * Purpose: Sets the value for the given SELinux boolean name.
+ * Parameters:
+ * String: The name of the SELinux boolean.
+ * Boolean: The new value of the SELinux boolean.
+ * Returns: a boolean indicating whether or not the operation succeeded.
+ * Exceptions: None
+ */
+ static jboolean setBooleanValue(JNIEnv *env, jobject clazz, jstring name, jboolean value) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return false;
+
+ const char *boolean_name = NULL;
+ int ret;
+
+ if (name == NULL)
+ return false;
+ boolean_name = env->GetStringUTFChars(name, NULL);
+ ret = security_set_boolean(boolean_name, (value) ? 1 : 0);
+ env->ReleaseStringUTFChars(name, boolean_name);
+ if (ret)
+ return false;
+
+ if (security_commit_booleans() == -1)
+ return false;
+
+ return true;
+#else
+ return false;
+#endif
+ }
+
+ /*
+ * Function: checkSELinuxAccess
+ * Purpose: Check permissions between two security contexts.
+ * Parameters: scon: subject security context as a string
+ * tcon: object security context as a string
+ * tclass: object's security class name as a string
+ * perm: permission name as a string
+ * Returns: boolean: (true) if permission was granted, (false) otherwise
+ * Exceptions: None
+ */
+ static jboolean checkSELinuxAccess(JNIEnv *env, jobject clazz, jstring scon, jstring tcon, jstring tclass, jstring perm) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return true;
+
+ int accessGranted = -1;
+
+ const char *const_scon, *const_tcon, *mytclass, *myperm;
+ char *myscon, *mytcon;
+
+ if (scon == NULL || tcon == NULL || tclass == NULL || perm == NULL)
+ goto bail;
+
+ const_scon = env->GetStringUTFChars(scon, NULL);
+ const_tcon = env->GetStringUTFChars(tcon, NULL);
+ mytclass = env->GetStringUTFChars(tclass, NULL);
+ myperm = env->GetStringUTFChars(perm, NULL);
+
+ // selinux_check_access needs char* for some
+ myscon = const_cast<char *>(const_scon);
+ mytcon = const_cast<char *>(const_tcon);
+
+ accessGranted = selinux_check_access(myscon, mytcon, mytclass, myperm, NULL);
+
+ ALOGV("selinux_check_access returned %d", accessGranted);
+
+ env->ReleaseStringUTFChars(scon, const_scon);
+ env->ReleaseStringUTFChars(tcon, const_tcon);
+ env->ReleaseStringUTFChars(tclass, mytclass);
+ env->ReleaseStringUTFChars(perm, myperm);
+
+ bail:
+ return (accessGranted == 0) ? true : false;
+
+#else
+ return true;
+#endif
+ }
+
+ /*
+ * Function: native_restorecon
+ * Purpose: restore default SELinux security context
+ * Parameters: pathname: the pathname for the file to be relabeled
+ * Returns: boolean: (true) file label successfully restored, (false) otherwise
+ * Exceptions: none
+ */
+ static jboolean native_restorecon(JNIEnv *env, jobject clazz, jstring pathname) {
+#ifdef HAVE_SELINUX
+ if (isSELinuxDisabled)
+ return true;
+
+ const char *file = const_cast<char *>(env->GetStringUTFChars(pathname, NULL));
+ int ret = selinux_android_restorecon(file);
+ env->ReleaseStringUTFChars(pathname, file);
+ return (ret == 0);
+#else
+ return true;
+#endif
+ }
+
+ /*
+ * JNI registration.
+ */
+ static JNINativeMethod method_table[] = {
+
+ /* name, signature, funcPtr */
+ { "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
+ { "getBooleanNames" , "()[Ljava/lang/String;" , (void*)getBooleanNames },
+ { "getBooleanValue" , "(Ljava/lang/String;)Z" , (void*)getBooleanValue },
+ { "getContext" , "()Ljava/lang/String;" , (void*)getCon },
+ { "getFileContext" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)getFileCon },
+ { "getPeerContext" , "(Ljava/io/FileDescriptor;)Ljava/lang/String;" , (void*)getPeerCon },
+ { "getPidContext" , "(I)Ljava/lang/String;" , (void*)getPidCon },
+ { "isSELinuxEnforced" , "()Z" , (void*)isSELinuxEnforced},
+ { "isSELinuxEnabled" , "()Z" , (void*)isSELinuxEnabled },
+ { "native_restorecon" , "(Ljava/lang/String;)Z" , (void*)native_restorecon},
+ { "setBooleanValue" , "(Ljava/lang/String;Z)Z" , (void*)setBooleanValue },
+ { "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon },
+ { "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon },
+ { "setSELinuxEnforce" , "(Z)Z" , (void*)setSELinuxEnforce},
+ };
+
+ static int log_callback(int type, const char *fmt, ...) {
+ va_list ap;
+ va_start(ap, fmt);
+ LOG_PRI_VA(ANDROID_LOG_ERROR, "SELinux", fmt, ap);
+ va_end(ap);
+ return 0;
+ }
+
+ int register_android_os_SELinux(JNIEnv *env) {
+#ifdef HAVE_SELINUX
+ union selinux_callback cb;
+ cb.func_log = log_callback;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
+ isSELinuxDisabled = (is_selinux_enabled() != 1) ? true : false;
+
+#endif
+ return AndroidRuntime::registerNativeMethods(
+ env, "android/os/SELinux",
+ method_table, NELEM(method_table));
+ }
+}
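Review bot: native_restorecon passes `pathname` straight to `env->GetStringUTFChars(pathname, NULL)` with no NULL check, unlike setFileCon and getFileCon, which throw NullPointerException first, so a null argument from Java reaches the JNI call and then `selinux_android_restorecon` unchecked. None of the natives in this file test the GetStringUTFChars result either, although it is NULL when the copy cannot be allocated. I would add `if (pathname == NULL) { throw_NullPointerException(env, "Trying to restore the security context of a null path."); return false; }` and `if (file == NULL) return false;` before the libselinux call, and apply the second check to the other callers. In setFSCreateCon the ALOGV argument `context == NULL ? "default", context` is not a valid conditional expression and hands a jstring to `%s`; it presumably builds only while verbose logging is compiled out, and should read `context == NULL ? "default" : constant_securityContext`. getBooleanNames declares its second parameter as `JNIEnv clazz` where every other native takes `jobject`.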
diff --git a/core/jni/android_os_StatFs.cpp b/core/jni/android_os_StatFs.cpp
deleted file mode 100644
index 79d8fef..0000000
--- a/core/jni/android_os_StatFs.cpp
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright 2007, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#if INCLUDE_SYS_MOUNT_FOR_STATFS
-#include <sys/mount.h>
-#else
-#include <sys/statfs.h>
-#endif
-
-#include <errno.h>
-
-#include "jni.h"
-#include "JNIHelp.h"
-#include "android_runtime/AndroidRuntime.h"
-
-
-namespace android
-{
-
-// ----------------------------------------------------------------------------
-
-struct fields_t {
- jfieldID context;
-};
-static fields_t fields;
-
-// ----------------------------------------------------------------------------
-
-static jint
-android_os_StatFs_getBlockSize(JNIEnv *env, jobject thiz)
-{
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- return stat->f_bsize;
-}
-
-static jint
-android_os_StatFs_getBlockCount(JNIEnv *env, jobject thiz)
-{
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- return stat->f_blocks;
-}
-
-static jint
-android_os_StatFs_getFreeBlocks(JNIEnv *env, jobject thiz)
-{
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- return stat->f_bfree;
-}
-
-static jint
-android_os_StatFs_getAvailableBlocks(JNIEnv *env, jobject thiz)
-{
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- return stat->f_bavail;
-}
-
-static void
-android_os_StatFs_native_restat(JNIEnv *env, jobject thiz, jstring path)
-{
- if (path == NULL) {
- jniThrowException(env, "java/lang/IllegalArgumentException", NULL);
- return;
- }
-
- // get the object handle
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- if (stat == NULL) {
- jniThrowException(env, "java/lang/NoSuchFieldException", NULL);
- return;
- }
-
- const char* pathstr = env->GetStringUTFChars(path, NULL);
- if (pathstr == NULL) {
- jniThrowException(env, "java/lang/RuntimeException", "Out of memory");
- return;
- }
-
- // note that stat will contain the new file data corresponding to
- // pathstr
- if (statfs(pathstr, stat) != 0) {
- ALOGE("statfs %s failed, errno: %d", pathstr, errno);
- delete stat;
- env->SetIntField(thiz, fields.context, 0);
- jniThrowException(env, "java/lang/IllegalArgumentException", NULL);
- }
- // Release pathstr
- env->ReleaseStringUTFChars(path, pathstr);
-}
-
-static void
-android_os_StatFs_native_setup(JNIEnv *env, jobject thiz, jstring path)
-{
- if (path == NULL) {
- jniThrowException(env, "java/lang/IllegalArgumentException", NULL);
- return;
- }
-
- struct statfs* stat = new struct statfs;
- if (stat == NULL) {
- jniThrowException(env, "java/lang/RuntimeException", "Out of memory");
- return;
- }
- env->SetIntField(thiz, fields.context, (int)stat);
- android_os_StatFs_native_restat(env, thiz, path);
-}
-
-static void
-android_os_StatFs_native_finalize(JNIEnv *env, jobject thiz)
-{
- struct statfs *stat = (struct statfs *)env->GetIntField(thiz, fields.context);
- if (stat != NULL) {
- delete stat;
- env->SetIntField(thiz, fields.context, 0);
- }
-}
-
-// ----------------------------------------------------------------------------
-
-static JNINativeMethod gMethods[] = {
- {"getBlockSize", "()I", (void *)android_os_StatFs_getBlockSize},
- {"getBlockCount", "()I", (void *)android_os_StatFs_getBlockCount},
- {"getFreeBlocks", "()I", (void *)android_os_StatFs_getFreeBlocks},
- {"getAvailableBlocks", "()I", (void *)android_os_StatFs_getAvailableBlocks},
- {"native_setup", "(Ljava/lang/String;)V", (void *)android_os_StatFs_native_setup},
- {"native_finalize", "()V", (void *)android_os_StatFs_native_finalize},
- {"native_restat", "(Ljava/lang/String;)V", (void *)android_os_StatFs_native_restat},
-};
-
-
-int register_android_os_StatFs(JNIEnv *env)
-{
- jclass clazz;
-
- clazz = env->FindClass("android/os/StatFs");
- if (clazz == NULL) {
- ALOGE("Can't find android/os/StatFs");
- return -1;
- }
-
- fields.context = env->GetFieldID(clazz, "mNativeContext", "I");
- if (fields.context == NULL) {
- ALOGE("Can't find StatFs.mNativeContext");
- return -1;
- }
-
- return AndroidRuntime::registerNativeMethods(env,
- "android/os/StatFs", gMethods, NELEM(gMethods));
-}
-
-} // namespace android