File Doc Category Size Date Package
SELinux.java API Doc Android 5.1 API 7732 Thu Mar 12 22:22:10 GMT 2015 android.os

SELinux

java.lang.Object

public class SELinux extends Object

This class provides access to the centralized jni bindings for SELinux interaction. {@hide}

Fields Summary
private static final String
TAG
private static final int
SELINUX_ANDROID_RESTORECON_NOCHANGE
Keep in sync with ./external/libselinux/include/selinux/android.h
private static final int
SELINUX_ANDROID_RESTORECON_VERBOSE
private static final int
SELINUX_ANDROID_RESTORECON_RECURSE
private static final int
SELINUX_ANDROID_RESTORECON_FORCE
private static final int
SELINUX_ANDROID_RESTORECON_DATADATA
Constructors Summary
Methods Summary
public static final native boolean checkSELinuxAccess(java.lang.String scon, java.lang.String tcon, java.lang.String tclass, java.lang.String perm)
Check permissions between two security contexts.
param
scon The source or subject security context.
param
tcon The target or object security context.
param
tclass The object security class name.
param
perm The permission name.
return
a boolean indicating whether permission was granted.
public static final native java.lang.String[] getBooleanNames()
Gets a list of the SELinux boolean names.
return
an array of strings containing the SELinux boolean names.
public static final native boolean getBooleanValue(java.lang.String name)
Gets the value for the given SELinux boolean name.
param
name The name of the SELinux boolean.
return
a boolean indicating whether the SELinux boolean is set.
public static final native java.lang.String getContext()
Gets the security context of the current process.
return
a String representing the security context of the current process.
public static final native java.lang.String getFileContext(java.lang.String path)
Get the security context of a file object.
param
path the pathname of the file object.
return
a security context given as a String.
public static final native java.lang.String getPeerContext(java.io.FileDescriptor fd)
Get the security context of a peer socket.
param
fd FileDescriptor class of the peer socket.
return
a String representing the peer socket security context.
public static final native java.lang.String getPidContext(int pid)
Gets the security context of a given process id.
param
pid an int representing the process id to check.
return
a String representing the security context of the given pid.
public static final native boolean isSELinuxEnabled()
Determine whether SELinux is disabled or enabled.
return
a boolean indicating whether SELinux is enabled.
public static final native boolean isSELinuxEnforced()
Determine whether SELinux is permissive or enforcing.
return
a boolean indicating whether SELinux is enforcing.
private static native boolean native_restorecon(java.lang.String pathname, int flags)
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then {@code true} is automatically returned. If SELinux is compiled in, but disabled, then {@code true} is returned.
param
pathname The pathname of the file to be relabeled.
return
a boolean indicating whether the relabeling succeeded.
public static boolean restorecon(java.lang.String pathname)
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then {@code true} is automatically returned. If SELinux is compiled in, but disabled, then {@code true} is returned.
param
pathname The pathname of the file to be relabeled.
return
a boolean indicating whether the relabeling succeeded.
exception
NullPointerException if the pathname is a null object.
if (pathname == null) { throw new NullPointerException(); } return native_restorecon(pathname, 0);
public static boolean restorecon(java.io.File file)
Restores a file to its default SELinux security context. If the system is not compiled with SELinux, then {@code true} is automatically returned. If SELinux is compiled in, but disabled, then {@code true} is returned.
param
file The File object representing the path to be relabeled.
return
a boolean indicating whether the relabeling succeeded.
exception
NullPointerException if the file is a null object.
try { return native_restorecon(file.getCanonicalPath(), 0); } catch (IOException e) { Slog.e(TAG, "Error getting canonical path. Restorecon failed for " + file.getPath(), e); return false; }
public static boolean restoreconRecursive(java.io.File file)
Recursively restores all files under the given path to their default SELinux security context. If the system is not compiled with SELinux, then {@code true} is automatically returned. If SELinux is compiled in, but disabled, then {@code true} is returned.
return
a boolean indicating whether the relabeling succeeded.
try { return native_restorecon(file.getCanonicalPath(), SELINUX_ANDROID_RESTORECON_RECURSE); } catch (IOException e) { Slog.e(TAG, "Error getting canonical path. Restorecon failed for " + file.getPath(), e); return false; }
public static final native boolean setBooleanValue(java.lang.String name, boolean value)
Sets the value for the given SELinux boolean name.
param
name The name of the SELinux boolean.
param
value The new value of the SELinux boolean.
return
a boolean indicating whether or not the operation succeeded.
public static final native boolean setFSCreateContext(java.lang.String context)
Sets the security context for newly created file objects.
param
context a security context given as a String.
return
a boolean indicating whether the operation succeeded.
public static final native boolean setFileContext(java.lang.String path, java.lang.String context)
Change the security context of an existing file object.
param
path representing the path of file object to relabel.
param
context new security context given as a String.
return
a boolean indicating whether the operation succeeded.
public static final native boolean setSELinuxEnforce(boolean value)
Set whether SELinux is permissive or enforcing.
param
value representing whether to set SELinux to enforcing
return
a boolean representing whether the desired mode was set