[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding support for ro.build.selinux to Android.os.SELinux



On Tue, 2012-07-10 at 16:49 -0700, William Roberts wrote:
> Wasn't sure if we wanted to move away from going through a JNI binding
> since we now have access to ro.build.selinux.
> 
> 
> This is some rough draft code, didn't know if we wanted to replace
> SELinux.isSELinuxEnabled() or augment another function for it.
> 
> 
> Please advise.

isSELinuxEnabled() is more general; it will return false if:
- SELinux was disabled in the build,
- SELinux was enabled in the build but not in the kernel,
- SELinux was enabled in the build and the kernel but no policy was
loaded.

In any of those cases, you just want to disable the userspace SELinux
processing, so a simple check of isSELinuxEnabled() is what you want.  I
don't see a need to check the build property from userspace aside from
the special case in the Settings app.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.


[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux