| -rw-r--r-- | core/java/android/os/SELinux.java | 27 | ||||
| -rw-r--r-- | core/jni/Android.bp | 1 | ||||
| -rw-r--r-- | core/jni/android_os_SELinux.cpp | 30 |
3 files changed, 50 insertions, 8 deletions
diff --git a/core/java/android/os/SELinux.java b/core/java/android/os/SELinux.java
index f64a81177ce2..11c54ef802fe 100644
--- a/core/java/android/os/SELinux.java
+++ b/core/java/android/os/SELinux.java
@@ -193,4 +193,31 @@ public class SELinux {
 return false;
 }
 }
+
+ /**
+ * Gets the genfs labels version of the vendor. The genfs labels version is
+ * specified in {@code /vendor/etc/selinux/genfs_labels_version.txt}. The
+ * version follows the VINTF version format "YYYYMM" and affects how {@code
+ * genfs_contexts} entries are applied.
+ *
+ * <p>The genfs labels version indicates changes in the SELinux labeling
+ * scheme over time. For example:
+ * <ul>
+ * <li>For version 202504 and later, {@code /sys/class/udc} is labeled as
+ * {@code sysfs_udc}.
+ * <li>For version 202404 and earlier, {@code /sys/class/udc} is labeled
+ * as {@code sysfs}.
+ * </ul>
+ * Check {@code /system/etc/selinux/plat_sepolicy_genfs_{version}.cil} to
+ * see which labels are new in {version}.
+ *
+ * <p>Older vendors may override {@code genfs_contexts} with vendor-specific
+ * extensions. The framework must not break such labellings to maintain
+ * compatibility with such vendors, by checking the genfs labels version and
+ * implementing a fallback mechanism.
+ *
+ * @return an integer representing the genfs labels version of /vendor, in
+ * the format YYYYMM.
+ */
+ public static final native int getGenfsLabelsVersion();
 }
diff --git a/core/jni/Android.bp b/core/jni/Android.bp
index 9a4ff8fc264f..37c84ce76e61 100644
--- a/core/jni/Android.bp
+++ b/core/jni/Android.bp
@@ -290,6 +290,7 @@ cc_library_shared_for_libandroid_runtime {
 "libasync_safe",
 "libbinderthreadstateutils",
 "libdmabufinfo",
+ "libgenfslabelsversion.ffi",
 "libgui_window_info_static",
 "libkernelconfigs",
 "libnativehelper_lazy",
diff --git a/core/jni/android_os_SELinux.cpp b/core/jni/android_os_SELinux.cpp
index 7a4670f4e49d..805d5ad41e83 100644
--- a/core/jni/android_os_SELinux.cpp
+++ b/core/jni/android_os_SELinux.cpp
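Review bot: The Javadoc on `getGenfsLabelsVersion()` does not say what the method returns when `/vendor/etc/selinux/genfs_labels_version.txt` is missing or cannot be parsed, which is the case a caller implementing the described fallback most needs to know. That behaviour is decided inside libgenfslabelsversion, which this change does not show, so the value should be confirmed there and then stated, for example `@return the genfs labels version of /vendor as YYYYMM; <documented default> if the file is absent or malformed`. A caller that compares the result against 202504 is choosing between two labelling schemes, so an undocumented error value silently selects one of them. The `Returns:` line of the new block comment in core/jni/android_os_SELinux.cpp has the same gap.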
@@ -18,18 +18,19 @@
 #include <errno.h>
 #include <fcntl.h>
-
+#include <genfslabelsversion.h>
+#include <nativehelper/JNIPlatformHelp.h>
+#include <nativehelper/ScopedLocalRef.h>
+#include <nativehelper/ScopedUtfChars.h>
 #include <utils/Log.h>
-#include <nativehelper/JNIPlatformHelp.h>
-#include "jni.h"
+#include <atomic>
+#include <memory>
+
 #include "core_jni_helpers.h"
-#include "selinux/selinux.h"
+#include "jni.h"
 #include "selinux/android.h"
-#include <memory>
-#include <atomic>
-#include <nativehelper/ScopedLocalRef.h>
-#include <nativehelper/ScopedUtfChars.h>
+#include "selinux/selinux.h"
 namespace android {
 namespace {
@@ -404,8 +405,19 @@ static jboolean native_restorecon(JNIEnv *env, jobject, jstring pathnameStr, jin
 }
 /*
+ * Function: getGenfsLabelsVersion
+ * Purpose: get which genfs labels version /vendor uses
+ * Returns: int: genfs labels version of /vendor
+ * Exceptions: none
+ */
+static jint getGenfsLabelsVersion(JNIEnv *, jclass) {
+ return get_genfs_labels_version();
+}
+
+/*
 * JNI registration.
 */
+// clang-format off
 static const JNINativeMethod method_table[] = {
 /* name, signature, funcPtr */
 { "checkSELinuxAccess" , "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z" , (void*)checkSELinuxAccess },
@@ -420,7 +432,9 @@ static const JNINativeMethod method_table[] = {
 { "setFileContext" , "(Ljava/lang/String;Ljava/lang/String;)Z" , (void*)setFileCon },
 { "setFSCreateContext" , "(Ljava/lang/String;)Z" , (void*)setFSCreateCon },
 { "fileSelabelLookup" , "(Ljava/lang/String;)Ljava/lang/String;" , (void*)fileSelabelLookup},
+ { "getGenfsLabelsVersion" , "()I" , (void *)getGenfsLabelsVersion},
 };
+// clang-format on
 static int log_callback(int type, const char *fmt, ...) {
 va_list ap; |
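Review bot: `return get_genfs_labels_version();` in the new `getGenfsLabelsVersion` wrapper converts the library's return value to `jint` implicitly, and the declared type lives in `genfslabelsversion.h`, which this diff does not show. Because the symbol comes from an FFI library, it would be worth pinning the type at the boundary, for instance `static_assert(std::is_same_v<decltype(get_genfs_labels_version()), int>);` (with `<type_traits>` included), or at minimum `return static_cast<jint>(get_genfs_labels_version());`. A later change to the declared type would then fail to compile, or at least be visible in review, rather than quietly narrowing a value that the framework uses to decide which labels to expect.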