下面列出了怎么用android.os.SELinux的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Creates the staging directory for a session and restores its SELinux label.
 *
 * <p>The directory must not exist beforehand. It is created with mode 0755, the mode is
 * then set again with an explicit chmod, and {@code SELinux.restorecon} is run on it.
 * Any failure along the way is reported as an {@link IOException}.
 *
 * @param stageDir directory to create
 * @throws IOException if the directory already exists, if mkdir/chmod fails, or if
 *         restorecon reports failure
 */
static void prepareStageDir(File stageDir) throws IOException {
    if (stageDir.exists()) {
        throw new IOException("Session dir already exists: " + stageDir);
    }

    final String stagePath = stageDir.getAbsolutePath();
    try {
        // mkdir is expected to fail when the path already exists, so a directory that
        // appears after the exists() check above is still rejected rather than reused.
        Os.mkdir(stagePath, 0755);
        // NOTE(review): presumably repeated so the final mode does not depend on the
        // process umask; confirm against the caller's environment.
        Os.chmod(stagePath, 0755);
    } catch (ErrnoException e) {
        throw new IOException("Failed to prepare session dir: " + stageDir, e);
    }

    // A directory that could not be relabeled is treated as unusable. It is not removed
    // here, so cleanup after this failure is left to the caller.
    final boolean relabeled = SELinux.restorecon(stageDir);
    if (!relabeled) {
        throw new IOException("Failed to restorecon session dir: " + stageDir);
    }
}
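/**
 * Opens a new, not-yet-existing PNG file for a shortcut icon and returns a stream to it.
 *
 * <p>The file is placed under the per-user bitmap directory, in a sub-directory named
 * after the shortcut's package. The file name is the current time in milliseconds; if
 * that name is taken, "_1", "_2", ... is appended until an unused name is found.
 *
 * @param userId user whose bitmap directory is used
 * @param shortcut shortcut whose package name selects the sub-directory
 * @return an output stream (carrying its path) for the new icon file
 * @throws IOException if the package directory cannot be created, or if opening the
 *         file fails
 */
FileOutputStreamWithPath openIconFileForWrite(@UserIdInt int userId, ShortcutInfo shortcut)
        throws IOException {
    // NOTE(review): the package name is used directly as a path component; this assumes
    // it was validated before reaching this method. Confirm against the callers.
    final File packagePath = new File(getUserBitmapFilePath(userId),
            shortcut.getPackage());
    if (!packagePath.isDirectory()) {
        // The result of mkdirs() is not used; the isDirectory() re-check decides.
        packagePath.mkdirs();
        if (!packagePath.isDirectory()) {
            throw new IOException("Unable to create directory " + packagePath);
        }
        // Relabeling stays best-effort (no exception), but a failure is now logged so
        // that a mislabeled directory does not go unnoticed.
        if (!SELinux.restorecon(packagePath)) {
            Slog.w(TAG, "Failed to restorecon icon directory " + packagePath);
        }
    }

    final String baseName = String.valueOf(injectCurrentTimeMillis());
    for (int suffix = 0; ; suffix++) {
        final String filename = (suffix == 0 ? baseName : baseName + "_" + suffix) + ".png";
        final File file = new File(packagePath, filename);
        if (!file.exists()) {
            if (DEBUG) {
                Slog.d(TAG, "Saving icon to " + file.getAbsolutePath());
            }
            return new FileOutputStreamWithPath(file);
        }
    }
}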
/**
 * Checks whether SELinux is enabled or in enforcing mode.
 *
 * <p>Two APIs are tried: first the one provided by Xposed ({@code SELinuxHelper}), then
 * the hidden platform API ({@code SELinux}). The caller relies on SELinux being fully
 * disabled; otherwise the APIs it uses may behave unreliably.
 *
 * <p>Note: because of SELinux policy, {@code SELinux.isSELinuxEnforced} still returns
 * false when called from the untrusted_app domain, even while enforcing.
 *
 * @return {@code true} if either query reports SELinux as enabled or enforcing, or if
 *         neither query could be completed
 */
@SuppressWarnings("ConstantConditions")
public static boolean isSELinuxPatrolling() {
    // Err on the side of caution: assume SELinux is active until a query says otherwise.
    @SuppressWarnings("UnusedAssignment") boolean patrolling = true;
    try {
        patrolling = SELinuxHelper.isSELinuxEnabled() || SELinuxHelper.isSELinuxEnforced();
    } catch (Throwable helperFailure) {
        // A missing helper class is not reported; any other failure is printed before
        // falling back to the platform API.
        final boolean helperClassMissing = helperFailure instanceof NoClassDefFoundError;
        if (!helperClassMissing) {
            helperFailure.printStackTrace();
        }
        try {
            patrolling = SELinux.isSELinuxEnabled() || SELinux.isSELinuxEnforced();
        } catch (Throwable ignored) {
            // Both queries failed: keep the conservative default of true.
        }
    }
    return patrolling;
}
/**
 * Handles a user unlock: loads the pending system wallpaper if one was waiting for
 * unlock, then schedules a one-time SELinux relabel of that user's wallpaper files.
 *
 * <p>Nothing happens unless {@code userId} is the current user. All state is read and
 * updated while holding {@code mLock}; the relabeling itself is posted to the
 * background handler.
 *
 * @param userId the user that was just unlocked
 */
@Override
public void onUnlockUser(final int userId) {
    synchronized (mLock) {
        if (mCurrentUserId != userId) {
            return;
        }

        if (mWaitingForUnlock) {
            // The desired wallpaper is not direct-boot aware, so it is loaded now.
            final WallpaperData pendingSystemWallpaper =
                    getWallpaperSafeLocked(userId, FLAG_SYSTEM);
            switchWallpaper(pendingSystemWallpaper, null);
        }

        // Only one relabel pass is scheduled per user. The flag is recorded before the
        // pass runs, so this method does not schedule it again even if it fails.
        if (mUserRestorecon.get(userId) == Boolean.TRUE) {
            return;
        }
        mUserRestorecon.put(userId, Boolean.TRUE);

        // Restore the SELinux labels of all relevant wallpaper files. This corrects
        // mislabeling that may have arisen from move-to operations on those files. It is
        // not timing-critical, so it runs in the background instead of delaying unlock.
        final Runnable relabelTask = new Runnable() {
            @Override
            public void run() {
                final File wallpaperDir = getWallpaperDir(userId);
                for (String perUserName : sPerUserFiles) {
                    final File candidate = new File(wallpaperDir, perUserName);
                    if (!candidate.exists()) {
                        continue;
                    }
                    // The restorecon result is not checked here; failures are silent.
                    SELinux.restorecon(candidate);
                }
            }
        };
        BackgroundThread.getHandler().post(relabelTask);
    }
}
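/**
 * Opens (creating and truncating) the wallpaper file for writing a new bitmap and
 * updates the wallpaper's bookkeeping fields.
 *
 * <p>The user's wallpaper directory is created if it is missing. After the file is
 * opened its SELinux label is restored; if that fails the descriptor is closed and
 * {@code null} is returned, so a file with an unexpected label is never handed out.
 *
 * @param name new wallpaper name; {@code null} is treated as the empty string
 * @param wallpaper wallpaper record whose file is opened and whose name, id and
 *        primary colors are updated
 * @param extras if non-null, receives the new wallpaper id under
 *        {@code WallpaperManager.EXTRA_NEW_WALLPAPER_ID}
 * @return a read-write descriptor for the wallpaper file, or {@code null} if the file
 *         could not be opened or relabeled
 */
ParcelFileDescriptor updateWallpaperBitmapLocked(String name, WallpaperData wallpaper,
        Bundle extras) {
    if (name == null) name = "";
    try {
        File dir = getWallpaperDir(wallpaper.userId);
        if (!dir.exists()) {
            dir.mkdir();
            // Owner and group get rwx, others get execute (traverse) only.
            FileUtils.setPermissions(
                    dir.getPath(),
                    FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
                    -1, -1);
        }
        ParcelFileDescriptor fd = ParcelFileDescriptor.open(wallpaper.wallpaperFile,
                MODE_CREATE|MODE_READ_WRITE|MODE_TRUNCATE);
        if (!SELinux.restorecon(wallpaper.wallpaperFile)) {
            Slog.w(TAG, "restorecon failed for wallpaper file: "
                    + wallpaper.wallpaperFile.getPath());
            // The descriptor was already opened; close it so the failure path does not
            // leak it.
            try {
                fd.close();
            } catch (java.io.IOException closeError) {
                Slog.w(TAG, "Error closing wallpaper file after restorecon failure",
                        closeError);
            }
            return null;
        }
        wallpaper.name = name;
        wallpaper.wallpaperId = makeWallpaperIdLocked();
        if (extras != null) {
            extras.putInt(WallpaperManager.EXTRA_NEW_WALLPAPER_ID, wallpaper.wallpaperId);
        }
        // Nullify field to require new computation
        wallpaper.primaryColors = null;
        if (DEBUG) {
            Slog.v(TAG, "updateWallpaperBitmapLocked() : id=" + wallpaper.wallpaperId
                    + " name=" + name + " file=" + wallpaper.wallpaperFile.getName());
        }
        return fd;
    } catch (FileNotFoundException e) {
        Slog.w(TAG, "Error setting wallpaper", e);
    }
    return null;
}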
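/**
 * Writes a user's photo as a PNG and, on success, records its path in {@code info}.
 *
 * <p>The bitmap is compressed into a temporary file in the user's directory, the
 * stream is closed, and only then is the temporary file renamed to its final name and
 * relabeled with {@code SELinux.restorecon}. {@code info.iconPath} is updated only if
 * every step succeeded.
 *
 * @param info user record; its id selects the directory and its iconPath is updated
 * @param bitmap image to store
 */
private void writeBitmapLP(UserInfo info, Bitmap bitmap) {
    try {
        File dir = new File(mUsersDir, Integer.toString(info.id));
        File file = new File(dir, USER_PHOTO_FILENAME);
        File tmp = new File(dir, USER_PHOTO_FILENAME_TMP);
        if (!dir.exists()) {
            dir.mkdir();
            // Owner and group get rwx, others get execute (traverse) only.
            FileUtils.setPermissions(
                    dir.getPath(),
                    FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
                    -1, -1);
        }

        boolean written = false;
        final FileOutputStream os = new FileOutputStream(tmp);
        try {
            written = bitmap.compress(Bitmap.CompressFormat.PNG, 100, os);
        } finally {
            // Close before the rename so the stream is released even when compress()
            // throws, and so a failed close is not mistaken for a complete file.
            try {
                os.close();
            } catch (IOException ioe) {
                written = false;
            }
        }

        // NOTE(review): if the rename succeeds but restorecon fails, the file stays at
        // its final path while iconPath is left unchanged.
        if (written && tmp.renameTo(file) && SELinux.restorecon(file)) {
            info.iconPath = file.getAbsolutePath();
        }
        // No-op after a successful rename; removes the leftover otherwise.
        tmp.delete();
    } catch (FileNotFoundException e) {
        Slog.w(LOG_TAG, "Error setting photo for user ", e);
    }
}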
/**
 * Logs the current SELinux security context together with the enabled and enforced
 * flags.
 *
 * <p>If any query throws, the failure is logged as a warning and the values not yet
 * read keep their defaults ({@code null} context, {@code false} flags). The info line
 * alone therefore cannot distinguish "disabled" from "query failed".
 */
private static void checkSELinuxStatus() {
    boolean enabled = false;
    boolean enforced = false;
    String securityContext = null;
    try {
        securityContext = SELinux.getContext();
        enabled = SELinux.isSELinuxEnabled();
        enforced = SELinux.isSELinuxEnforced();
    } catch (Throwable queryFailure) {
        Log.w(TAG, "checkSELinuxStatus: ", queryFailure);
    }
    Log.i(TAG, "checkSELinuxStatus: Security Context:" + securityContext
            + " is(Enabled/Enforced):"
            + StringUtils.varArgsToString(enabled, enforced));
}
/**
 * Returns the "ringtones" cache directory under the given user's system DE directory,
 * creating and relabeling it on the way.
 *
 * <p>Both {@code mkdir()} and {@code SELinux.restorecon} are best-effort here: their
 * results are not checked, so the returned directory may not exist or may carry an
 * unexpected label.
 *
 * @param userId user whose cache directory is requested
 * @return the cache directory path
 */
private File getRingtoneCacheDir(int userId) {
    final File systemDeDir = Environment.getDataSystemDeDirectory(userId);
    final File ringtoneCache = new File(systemDeDir, "ringtones");
    ringtoneCache.mkdir();
    SELinux.restorecon(ringtoneCache);
    return ringtoneCache;
}