SELinux.java revision 66d5369e79182dbe65306b27a4da7f4a7e25c723
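/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.os;

import android.util.Slog;

import java.io.IOException;
import java.io.File;
import java.io.FileDescriptor;

/**
 * This class provides access to the centralized JNI bindings for
 * SELinux interaction.
 *
 * <p>Most methods are thin {@code native} declarations; only the two public
 * {@code restorecon} overloads contain Java logic. Several methods report
 * failure through their return value rather than an exception, so callers
 * that depend on the outcome (a mode change, a relabel) must check it.
 * {@hide}
 */
public class SELinux {

    private static final String TAG = "SELinux";

    /**
     * Determine whether SELinux is disabled or enabled.
     * @return a boolean indicating whether SELinux is enabled.
     */
    public static final native boolean isSELinuxEnabled();

    /**
     * Determine whether SELinux is permissive or enforcing.
     * @return a boolean indicating whether SELinux is enforcing.
     */
    public static final native boolean isSELinuxEnforced();

    /**
     * Set whether SELinux is permissive or enforcing.
     * The result is only reported through the return value; callers should
     * check it rather than assume the requested mode is now in effect.
     * @param value representing whether to set SELinux to enforcing
     * @return a boolean representing whether the desired mode was set
     */
    public static final native boolean setSELinuxEnforce(boolean value);

    /**
     * Sets the security context for newly created file objects.
     * @param context a security context given as a String.
     * @return a boolean indicating whether the operation succeeded.
     */
    public static final native boolean setFSCreateContext(String context);

    /**
     * Change the security context of an existing file object.
     * @param path representing the path of file object to relabel.
     * @param context new security context given as a String.
     * @return a boolean indicating whether the operation succeeded.
     */
    public static final native boolean setFileContext(String path, String context);

    /**
     * Get the security context of a file object.
     * @param path the pathname of the file object.
     * @return a security context given as a String.
     */
    public static final native String getFileContext(String path);

    /**
     * Get the security context of a peer socket.
     * @param fd FileDescriptor class of the peer socket.
     * @return a String representing the peer socket security context.
     */
    public static final native String getPeerContext(FileDescriptor fd);

    /**
     * Gets the security context of the current process.
     * @return a String representing the security context of the current process.
     */
    public static final native String getContext();

    /**
     * Gets the security context of a given process id.
     * @param pid an int representing the process id to check.
     * @return a String representing the security context of the given pid.
     */
    public static final native String getPidContext(int pid);

    /**
     * Gets a list of the SELinux boolean names.
     * @return an array of strings containing the SELinux boolean names.
     */
    public static final native String[] getBooleanNames();

    /**
     * Gets the value for the given SELinux boolean name.
     * @param name The name of the SELinux boolean.
     * @return a boolean indicating whether the SELinux boolean is set.
     */
    public static final native boolean getBooleanValue(String name);

    /**
     * Sets the value for the given SELinux boolean name.
     * @param name The name of the SELinux boolean.
     * @param value The new value of the SELinux boolean.
     * @return a boolean indicating whether or not the operation succeeded.
     */
    public static final native boolean setBooleanValue(String name, boolean value);

    /**
     * Check permissions between two security contexts.
     * @param scon The source or subject security context.
     * @param tcon The target or object security context.
     * @param tclass The object security class name.
     * @param perm The permission name.
     * @return a boolean indicating whether permission was granted.
     */
    public static final native boolean checkSELinuxAccess(String scon, String tcon, String tclass, String perm);

    /**
     * Restores a file to its default SELinux security context.
     * If the system is not compiled with SELinux, then {@code true}
     * is automatically returned.
     * If SELinux is compiled in, but disabled, then {@code true} is
     * returned.
     *
     * <p>Because {@code true} is also returned in those two cases, a
     * {@code true} result alone does not show that a label was applied;
     * use {@link #isSELinuxEnabled()} when the distinction matters.
     *
     * <p>The pathname is handed to the native call unchanged. Unlike
     * {@link #restorecon(File)}, this overload does not canonicalize it.
     *
     * @param pathname The pathname of the file to be relabeled.
     * @return a boolean indicating whether the relabeling succeeded.
     * @throws NullPointerException if the pathname is a null object.
     */
    public static boolean restorecon(String pathname) throws NullPointerException {
        if (pathname == null) {
            throw new NullPointerException("pathname must not be null");
        }
        return native_restorecon(pathname);
    }

    /**
     * Restores a file to its default SELinux security context.
     * If the system is not compiled with SELinux, then {@code true}
     * is automatically returned.
     * If SELinux is compiled in, but disabled, then {@code true} is
     * returned.
     *
     * <p>Private native backend for both public {@code restorecon} overloads.
     *
     * @param pathname The pathname of the file to be relabeled.
     * @return a boolean indicating whether the relabeling succeeded.
     */
    private static native boolean native_restorecon(String pathname);

    /**
     * Restores a file to its default SELinux security context.
     * If the system is not compiled with SELinux, then {@code true}
     * is automatically returned.
     * If SELinux is compiled in, but disabled, then {@code true} is
     * returned.
     *
     * <p>The file's canonical path ({@link File#getCanonicalPath()}) is what
     * gets relabeled, not the path the {@code File} was constructed with.
     * If the canonical path cannot be determined, the failure is logged and
     * {@code false} is returned without attempting a relabel.
     *
     * @param file The File object representing the path to be relabeled.
     * @return a boolean indicating whether the relabeling succeeded.
     * @throws NullPointerException if the file is a null object.
     */
    public static boolean restorecon(File file) throws NullPointerException {
        // Explicit check so the documented NPE is raised here with a clear
        // message, matching restorecon(String), instead of surfacing as an
        // implicit dereference failure inside the try block.
        if (file == null) {
            throw new NullPointerException("file must not be null");
        }
        try {
            // NOTE(review): the path is resolved here and acted on afterwards
            // by native code. If another process can modify a component of
            // the path in between, the relabel may land on a different
            // object. Callers should confirm the parent directories are not
            // writable by less-trusted code.
            return native_restorecon(file.getCanonicalPath());
        } catch (IOException e) {
            Slog.e(TAG, "Error getting canonical path. Restorecon failed for " +
                    file.getPath(), e);
            return false;
        }
    }
}
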