1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <jni.h> 18 #include <selinux/selinux.h> 19 #include <JNIHelp.h> 20 #include <ScopedUtfChars.h> 21 22 /* 23 * Function: checkSELinuxAccess 24 * Purpose: Check permissions between two security contexts. 25 * Parameters: subjectContextStr: subject security context as a string 26 * objectContextStr: object security context as a string 27 * objectClassStr: object's security class name as a string 28 * permissionStr: permission name as a string 29 * Returns: boolean: (true) if permission was granted, (false) otherwise 30 * Exceptions: NullPointerException if any argument is NULL 31 */ 32 static jboolean android_security_cts_SELinuxTest_checkSELinuxAccess(JNIEnv *env, jobject, jstring subjectContextStr, 33 jstring objectContextStr, jstring objectClassStr, jstring permissionStr, jstring auxStr) { 34 if (subjectContextStr == NULL || objectContextStr == NULL || objectClassStr == NULL 35 || permissionStr == NULL || auxStr == NULL) { 36 jniThrowNullPointerException(env, NULL); 37 return false; 38 } 39 40 ScopedUtfChars subjectContext(env, subjectContextStr); 41 ScopedUtfChars objectContext(env, objectContextStr); 42 ScopedUtfChars objectClass(env, objectClassStr); 43 ScopedUtfChars permission(env, permissionStr); 44 ScopedUtfChars aux(env, auxStr); 45 46 char *tmp1 = const_cast<char *>(subjectContext.c_str()); 47 char *tmp2 = const_cast<char *>(objectContext.c_str()); 48 char *tmp3 = const_cast<char *>(aux.c_str()); 49 int accessGranted = selinux_check_access(tmp1, tmp2, objectClass.c_str(), permission.c_str(), tmp3); 50 return (accessGranted == 0) ? true : false; 51 } 52 53 static jboolean android_security_cts_SELinuxTest_checkSELinuxContext(JNIEnv *env, jobject, jstring contextStr) { 54 if (contextStr == NULL) { 55 jniThrowNullPointerException(env, NULL); 56 return false; 57 } 58 59 ScopedUtfChars context(env, contextStr); 60 61 char *tmp = const_cast<char *>(context.c_str()); 62 int validContext = security_check_context(tmp); 63 return (validContext == 0) ? true : false; 64 } 65 66 67 static JNINativeMethod gMethods[] = { 68 { "checkSELinuxAccess", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z", 69 (void *) android_security_cts_SELinuxTest_checkSELinuxAccess }, 70 { "checkSELinuxContext", "(Ljava/lang/String;)Z", 71 (void *) android_security_cts_SELinuxTest_checkSELinuxContext }, 72 }; 73 74 int register_android_security_cts_SELinuxTest(JNIEnv* env) 75 { 76 jclass clazz = env->FindClass("android/security/cts/SELinuxTest"); 77 return env->RegisterNatives(clazz, gMethods, 78 sizeof(gMethods) / sizeof(JNINativeMethod)); 79 } 80