* Adding support for ro.build.selinux to Android.os.SELinux
@ 2012-07-10 23:49 William Roberts
2012-07-11 12:46 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: William Roberts @ 2012-07-10 23:49 UTC (permalink / raw)
To: selinux; +Cc: rpcraig
[-- Attachment #1: Type: text/plain, Size: 1138 bytes --]
Wasn't sure if we wanted to move away from going through a JNI binding
since we now have access to ro.build.selinux.
This is some rough draft code, didn't know if we wanted to replace
SELinux.isSELinuxEnabled() or augment another function for it.
Please advise.
Bill
diff --git a/core/java/android/os/SELinux.java
b/core/java/android/os/SELinux.java
index 0ad24b7..59ae38b 100644
--- a/core/java/android/os/SELinux.java
+++ b/core/java/android/os/SELinux.java
@@ -109,4 +109,19 @@ public class SELinux {
* @return a boolean indicating whether the relabeling succeeded.
*/
public static final native boolean restorecon(String pathname);
+
+
+ /**
+ * Determines if the platform was built with SELinux Support.
+ * @return a boolean indicating whether or not the system was
+ * built with HAVE_SELINUX:=true.
+ */
+ public static final boolean isSystemSupported() {
+
+ Properties props = new Properties();
+ String selinuxStatus = props.getProperty("ro.build.selinux");
+
+ return selinuxStatus.equals("1") ? true : false;
+ }
+
}
--
Respectfully,
William C Roberts
[-- Attachment #2: Type: text/html, Size: 1589 bytes --]
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: Adding support for ro.build.selinux to Android.os.SELinux
2012-07-10 23:49 Adding support for ro.build.selinux to Android.os.SELinux William Roberts
@ 2012-07-11 12:46 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2012-07-11 12:46 UTC (permalink / raw)
To: William Roberts; +Cc: selinux, rpcraig
On Tue, 2012-07-10 at 16:49 -0700, William Roberts wrote:
> Wasn't sure if we wanted to move away from going through a JNI binding
> since we now have access to ro.build.selinux.
>
>
> This is some rough draft code, didn't know if we wanted to replace
> SELinux.isSELinuxEnabled() or augment another function for it.
>
>
> Please advise.
isSELinuxEnabled() is more general; it will return false if:
- SELinux was disabled in the build,
- SELinux was enabled in the build but not in the kernel,
- SELinux was enabled in the build and the kernel but no policy was
loaded.
In any of those cases, you just want to disable the userspace SELinux
processing, so a simple check of isSELinuxEnabled() is what you want. I
don't see a need to check the build property from userspace aside from
the special case in the Settings app.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-07-11 12:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-10 23:49 Adding support for ro.build.selinux to Android.os.SELinux William Roberts
2012-07-11 12:46 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.