[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding support for ro.build.selinux to Android.os.SELinux

On Tue, 2012-07-10 at 16:49 -0700, William Roberts wrote:
> Wasn't sure if we wanted to move away from going through a JNI binding
> since we now have access to ro.build.selinux.
> This is some rough draft code, didn't know if we wanted to replace
> SELinux.isSELinuxEnabled() or augment another function for it.
> Please advise.

isSELinuxEnabled() is more general; it will return false if:
- SELinux was disabled in the build,
- SELinux was enabled in the build but not in the kernel,
- SELinux was enabled in the build and the kernel but no policy was

In any of those cases, you just want to disable the userspace SELinux
processing, so a simple check of isSELinuxEnabled() is what you want.  I
don't see a need to check the build property from userspace aside from
the special case in the Settings app.

Stephen Smalley
National Security Agency

This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux