├── jni ├── selinux │ ├── dbus │ │ ├── VERSION │ │ ├── org.selinux.service │ │ ├── Makefile │ │ └── org.selinux.conf │ ├── gui │ │ ├── VERSION │ │ ├── sepolgen │ │ ├── sepolicy_16.png │ │ ├── sepolicy_22.png │ │ ├── sepolicy_32.png │ │ ├── sepolicy_48.png │ │ ├── sepolicy_256.png │ │ ├── system-config-selinux.png │ │ ├── system-config-selinux │ │ └── sepolicy.desktop │ ├── python │ │ ├── VERSION │ │ ├── sepolgen │ │ │ ├── VERSION │ │ │ ├── src │ │ │ │ ├── sepolgen │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── Makefile │ │ │ │ ├── share │ │ │ │ │ └── Makefile │ │ │ │ └── Makefile │ │ │ ├── tests │ │ │ │ ├── .gitignore │ │ │ │ ├── module_compile_test.te │ │ │ │ ├── Makefile │ │ │ │ └── run-tests.py │ │ │ └── Makefile │ │ ├── sepolicy │ │ │ ├── sepolicy │ │ │ │ ├── help │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── booleans_more_show.txt │ │ │ │ │ ├── system.txt │ │ │ │ │ ├── login.png │ │ │ │ │ ├── start.png │ │ │ │ │ ├── users.png │ │ │ │ │ ├── system.png │ │ │ │ │ ├── booleans.png │ │ │ │ │ ├── file_equiv.png │ │ │ │ │ ├── files_apps.png │ │ │ │ │ ├── files_exec.png │ │ │ │ │ ├── lockdown.png │ │ │ │ │ ├── files_write.png │ │ │ │ │ ├── booleans_more.png │ │ │ │ │ ├── lockdown_ptrace.png │ │ │ │ │ ├── login_default.png │ │ │ │ │ ├── ports_inbound.png │ │ │ │ │ ├── ports_outbound.png │ │ │ │ │ ├── system_export.png │ │ │ │ │ ├── system_relabel.png │ │ │ │ │ ├── transition_file.png │ │ │ │ │ ├── transition_from.png │ │ │ │ │ ├── transition_to.png │ │ │ │ │ ├── booleans_toggled.png │ │ │ │ │ ├── system_boot_mode.png │ │ │ │ │ ├── booleans_more_show.png │ │ │ │ │ ├── lockdown_permissive.png │ │ │ │ │ ├── lockdown_unconfined.png │ │ │ │ │ ├── system_current_mode.png │ │ │ │ │ ├── system_policy_type.png │ │ │ │ │ ├── transition_from_boolean.png │ │ │ │ │ ├── transition_from_boolean_1.png │ │ │ │ │ ├── transition_from_boolean_2.png │ │ │ │ │ ├── transition_from_boolean_2.txt │ │ │ │ │ ├── booleans_more.txt │ │ │ │ │ ├── transition_from_boolean_1.txt │ │ │ │ │ ├── lockdown.txt │ │ │ │ │ ├── booleans_toggled.txt │ │ │ │ │ ├── ports_inbound.txt │ │ │ │ │ ├── ports_outbound.txt │ │ │ │ │ ├── system_current_mode.txt │ │ │ │ │ ├── files_exec.txt │ │ │ │ │ ├── system_policy_type.txt │ │ │ │ │ ├── system_export.txt │ │ │ │ │ ├── system_relabel.txt │ │ │ │ │ ├── booleans.txt │ │ │ │ │ ├── transition_from_boolean.txt │ │ │ │ │ ├── start.txt │ │ │ │ │ ├── system_boot_mode.txt │ │ │ │ │ ├── login_default.txt │ │ │ │ │ ├── files_apps.txt │ │ │ │ │ ├── files_write.txt │ │ │ │ │ ├── transition_to.txt │ │ │ │ │ ├── transition_from.txt │ │ │ │ │ ├── lockdown_permissive.txt │ │ │ │ │ ├── login.txt │ │ │ │ │ ├── users.txt │ │ │ │ │ └── lockdown_unconfined.txt │ │ │ │ └── templates │ │ │ │ │ └── __init__.py │ │ │ ├── .gitignore │ │ │ ├── sepolgen.8 │ │ │ ├── setup.py │ │ │ ├── sepolicy-gui.8 │ │ │ └── sepolicy-booleans.8 │ │ ├── audit2allow │ │ │ ├── .gitignore │ │ │ └── audit2why.1 │ │ ├── Makefile │ │ └── chcat │ │ │ └── Makefile │ ├── secilc │ │ ├── VERSION │ │ ├── docs │ │ │ ├── cil_design.dia │ │ │ └── cil_design.jpeg │ │ ├── .gitignore │ │ └── test │ │ │ └── minimum.cil │ ├── checkpolicy │ │ ├── VERSION │ │ ├── test │ │ │ ├── .gitignore │ │ │ └── Makefile │ │ ├── .gitignore │ │ └── checkpolicy.h │ ├── libselinux │ │ ├── VERSION │ │ ├── man │ │ │ ├── man3 │ │ │ │ ├── freecon.3 │ │ │ │ ├── setcon.3 │ │ │ │ ├── avc_reset.3 │ │ │ │ ├── freeconary.3 │ │ │ │ ├── getcon_raw.3 │ │ │ │ ├── getpeercon.3 │ │ │ │ ├── getpidcon.3 │ │ │ │ ├── getprevcon.3 │ │ │ │ ├── setcon_raw.3 │ │ │ │ ├── avc_audit.3 │ │ │ │ ├── avc_cleanup.3 │ │ │ │ ├── avc_destroy.3 │ │ │ │ ├── context_free.3 │ │ │ │ ├── fgetfilecon.3 │ │ │ │ ├── fsetfilecon.3 │ │ │ │ ├── getpeercon_raw.3 │ │ │ │ ├── getpidcon_raw.3 │ │ │ │ ├── getprevcon_raw.3 │ │ │ │ ├── lgetfilecon.3 │ │ │ │ ├── lsetfilecon.3 │ │ │ │ ├── rpm_execcon.3 │ │ │ │ ├── setexeccon.3 │ │ │ │ ├── avc_av_stats.3 │ │ │ │ ├── avc_sid_stats.3 │ │ │ │ ├── context_range_get.3 │ │ │ │ ├── context_range_set.3 │ │ │ │ ├── context_role_get.3 │ │ │ │ ├── context_role_set.3 │ │ │ │ ├── context_type_get.3 │ │ │ │ ├── context_type_set.3 │ │ │ │ ├── context_user_get.3 │ │ │ │ ├── context_user_set.3 │ │ │ │ ├── fgetfilecon_raw.3 │ │ │ │ ├── fsetfilecon_raw.3 │ │ │ │ ├── getexeccon_raw.3 │ │ │ │ ├── getfilecon_raw.3 │ │ │ │ ├── lgetfilecon_raw.3 │ │ │ │ ├── lsetfilecon_raw.3 │ │ │ │ ├── selabel_close.3 │ │ │ │ ├── setexeccon_raw.3 │ │ │ │ ├── setfilecon_raw.3 │ │ │ │ ├── setfscreatecon.3 │ │ │ │ ├── sidget.3 │ │ │ │ ├── sidput.3 │ │ │ │ ├── avc_entry_ref_init.3 │ │ │ │ ├── avc_has_perm_noaudit.3 │ │ │ │ ├── avc_netlink_close.3 │ │ │ │ ├── avc_netlink_open.3 │ │ │ │ ├── fini_selinuxmnt.3 │ │ │ │ ├── getfscreatecon_raw.3 │ │ │ │ ├── matchpathcon_fini.3 │ │ │ │ ├── matchpathcon_index.3 │ │ │ │ ├── matchpathcon_init.3 │ │ │ │ ├── security_setenforce.3 │ │ │ │ ├── selabel_lookup_raw.3 │ │ │ │ ├── set_selinuxmnt.3 │ │ │ │ ├── setfscreatecon_raw.3 │ │ │ │ ├── setkeycreatecon.3 │ │ │ │ ├── setsockcreatecon.3 │ │ │ │ ├── avc_compute_member.3 │ │ │ │ ├── avc_get_initial_sid.3 │ │ │ │ ├── avc_netlink_acquire_fd.3 │ │ │ │ ├── avc_netlink_check_nb.3 │ │ │ │ ├── avc_netlink_release_fd.3 │ │ │ │ ├── avc_sid_to_context.3 │ │ │ │ ├── checkPasswdAccess.3 │ │ │ │ ├── getkeycreatecon_raw.3 │ │ │ │ ├── getsockcreatecon_raw.3 │ │ │ │ ├── selinux_path.3 │ │ │ │ ├── setkeycreatecon_raw.3 │ │ │ │ ├── setsockcreatecon_raw.3 │ │ │ │ ├── avc_get_initial_context.3 │ │ │ │ ├── get_default_context.3 │ │ │ │ ├── get_default_type.3 │ │ │ │ ├── is_selinux_mls_enabled.3 │ │ │ │ ├── print_access_vector.3 │ │ │ │ ├── query_user_context.3 │ │ │ │ ├── security_av_string.3 │ │ │ │ ├── security_compute_av_raw.3 │ │ │ │ ├── security_compute_create.3 │ │ │ │ ├── security_compute_member.3 │ │ │ │ ├── security_compute_relabel.3 │ │ │ │ ├── security_compute_user.3 │ │ │ │ ├── security_deny_unknown.3 │ │ │ │ ├── security_mkload_policy.3 │ │ │ │ ├── security_set_boolean.3 │ │ │ │ ├── selinux_check_access.3 │ │ │ │ ├── selinux_mkload_policy.3 │ │ │ │ ├── selinux_set_policy_root.3 │ │ │ │ ├── selinux_status_close.3 │ │ │ │ ├── selinux_status_updated.3 │ │ │ │ ├── string_to_av_perm.3 │ │ │ │ ├── mode_to_security_class.3 │ │ │ │ ├── security_check_context_raw.3 │ │ │ │ ├── security_commit_booleans.3 │ │ │ │ ├── security_compute_av_flags.3 │ │ │ │ ├── security_compute_av_flags_raw.3 │ │ │ │ ├── security_compute_create_name.3 │ │ │ │ ├── security_compute_create_raw.3 │ │ │ │ ├── security_compute_member_raw.3 │ │ │ │ ├── security_compute_relabel_raw.3 │ │ │ │ ├── security_compute_user_raw.3 │ │ │ │ ├── security_get_boolean_names.3 │ │ │ │ ├── security_get_initial_context.3 │ │ │ │ ├── selinux_booleans_path.3 │ │ │ │ ├── selinux_check_passwd_access.3 │ │ │ │ ├── selinux_contexts_path.3 │ │ │ │ ├── selinux_init_load_policy.3 │ │ │ │ ├── selinux_status_deny_unknown.3 │ │ │ │ ├── selinux_status_getenforce.3 │ │ │ │ ├── selinux_status_policyload.3 │ │ │ │ ├── selinux_usersconf_path.3 │ │ │ │ ├── selinux_x_context_path.3 │ │ │ │ ├── set_matchpathcon_printf.3 │ │ │ │ ├── string_to_security_class.3 │ │ │ │ ├── get_default_context_with_role.3 │ │ │ │ ├── manual_user_enter_context.3 │ │ │ │ ├── matchpathcon_filespec_add.3 │ │ │ │ ├── matchpathcon_filespec_eval.3 │ │ │ │ ├── security_av_perm_to_string.3 │ │ │ │ ├── security_compute_create_name_raw.3 │ │ │ │ ├── security_get_boolean_active.3 │ │ │ │ ├── security_get_boolean_pending.3 │ │ │ │ ├── security_get_initial_context_raw.3 │ │ │ │ ├── selinux_current_policy_path.3 │ │ │ │ ├── selinux_default_type_path.3 │ │ │ │ ├── selinux_file_context_path.3 │ │ │ │ ├── selinux_media_context_path.3 │ │ │ │ ├── selinux_user_contexts_path.3 │ │ │ │ ├── set_matchpathcon_invalidcon.3 │ │ │ │ ├── get_default_context_with_level.3 │ │ │ │ ├── get_default_context_with_rolelevel.3 │ │ │ │ ├── matchpathcon_filespec_destroy.3 │ │ │ │ ├── selabel_lookup_best_match_raw.3 │ │ │ │ ├── selinux_default_context_path.3 │ │ │ │ ├── selinux_failsafe_context_path.3 │ │ │ │ ├── selinux_file_context_local_path.3 │ │ │ │ ├── selinux_homedir_context_path.3 │ │ │ │ ├── selinux_netfilter_context_path.3 │ │ │ │ ├── selinux_removable_context_path.3 │ │ │ │ ├── selinux_securetty_types_path.3 │ │ │ │ ├── get_ordered_context_list_with_level.3 │ │ │ │ ├── selinux_file_context_homedir_path.3 │ │ │ │ ├── security_policyvers.3 │ │ │ │ ├── selinux_check_securetty_context.3 │ │ │ │ ├── security_check_context.3 │ │ │ │ ├── selinux_getpolicytype.3 │ │ │ │ ├── selinux_lsetfilecon_default.3 │ │ │ │ ├── is_selinux_enabled.3 │ │ │ │ ├── init_selinuxmnt.3 │ │ │ │ ├── matchmediacon.3 │ │ │ │ └── selinux_getenforcemode.3 │ │ │ ├── man5 │ │ │ │ ├── media.5 │ │ │ │ ├── x_contexts.5 │ │ │ │ ├── file_contexts.5 │ │ │ │ ├── sepgsql_contexts.5 │ │ │ │ ├── file_contexts.local.5 │ │ │ │ ├── file_contexts.subs.5 │ │ │ │ ├── file_contexts.homedirs.5 │ │ │ │ └── file_contexts.subs_dist.5 │ │ │ ├── Makefile │ │ │ └── man8 │ │ │ │ ├── getenforce.8 │ │ │ │ ├── selinuxenabled.8 │ │ │ │ ├── togglesebool.8 │ │ │ │ ├── setenforce.8 │ │ │ │ └── selinuxexeccon.8 │ │ ├── src │ │ │ ├── .gitignore │ │ │ ├── get_default_type_internal.h │ │ │ ├── freecon.c │ │ │ ├── get_context_list_internal.h │ │ │ ├── setrans_internal.h │ │ │ ├── freeconary.c │ │ │ ├── libselinux.pc.in │ │ │ ├── context_internal.h │ │ │ ├── exception.sh │ │ │ ├── dso.h │ │ │ ├── selinux_netlink.h │ │ │ ├── disable.c │ │ │ ├── setenforce.c │ │ │ ├── callbacks.h │ │ │ ├── getenforce.c │ │ │ ├── policy.h │ │ │ ├── deny_unknown.c │ │ │ └── checkreqprot.c │ │ ├── utils │ │ │ ├── selinuxenabled.c │ │ │ ├── policyvers.c │ │ │ ├── .gitignore │ │ │ ├── setfilecon.c │ │ │ ├── getfilecon.c │ │ │ ├── getpidcon.c │ │ │ ├── getenforce.c │ │ │ ├── compute_create.c │ │ │ ├── compute_member.c │ │ │ ├── compute_user.c │ │ │ ├── selinux_check_securetty_context.c │ │ │ └── compute_relabel.c │ │ └── include │ │ │ ├── Makefile │ │ │ └── selinux │ │ │ └── get_default_type.h │ ├── libsemanage │ │ ├── VERSION │ │ ├── tests │ │ │ ├── .gitignore │ │ │ ├── test_utilities.h │ │ │ └── Makefile │ │ ├── man │ │ │ ├── man3 │ │ │ │ ├── semanage_bool_list.3 │ │ │ │ ├── semanage_iface_list.3 │ │ │ │ ├── semanage_node_list.3 │ │ │ │ ├── semanage_port_list.3 │ │ │ │ ├── semanage_user_list.3 │ │ │ │ ├── semanage_bool_count.3 │ │ │ │ ├── semanage_bool_del_local.3 │ │ │ │ ├── semanage_bool_exists.3 │ │ │ │ ├── semanage_bool_iterate.3 │ │ │ │ ├── semanage_bool_list_local.3 │ │ │ │ ├── semanage_bool_query.3 │ │ │ │ ├── semanage_fcontext_count.3 │ │ │ │ ├── semanage_fcontext_list.3 │ │ │ │ ├── semanage_fcontext_query.3 │ │ │ │ ├── semanage_iface_count.3 │ │ │ │ ├── semanage_iface_del_local.3 │ │ │ │ ├── semanage_iface_exists.3 │ │ │ │ ├── semanage_iface_query.3 │ │ │ │ ├── semanage_node_count.3 │ │ │ │ ├── semanage_node_del_local.3 │ │ │ │ ├── semanage_node_exists.3 │ │ │ │ ├── semanage_node_iterate.3 │ │ │ │ ├── semanage_node_list_local.3 │ │ │ │ ├── semanage_node_query.3 │ │ │ │ ├── semanage_port_count.3 │ │ │ │ ├── semanage_port_del_local.3 │ │ │ │ ├── semanage_port_exists.3 │ │ │ │ ├── semanage_port_iterate.3 │ │ │ │ ├── semanage_port_list_local.3 │ │ │ │ ├── semanage_port_query.3 │ │ │ │ ├── semanage_seuser_count.3 │ │ │ │ ├── semanage_seuser_del_local.3 │ │ │ │ ├── semanage_seuser_exists.3 │ │ │ │ ├── semanage_seuser_list.3 │ │ │ │ ├── semanage_seuser_query.3 │ │ │ │ ├── semanage_user_count.3 │ │ │ │ ├── semanage_user_del_local.3 │ │ │ │ ├── semanage_user_exists.3 │ │ │ │ ├── semanage_user_iterate.3 │ │ │ │ ├── semanage_user_list_local.3 │ │ │ │ ├── semanage_user_query.3 │ │ │ │ ├── semanage_bool_count_active.3 │ │ │ │ ├── semanage_bool_count_local.3 │ │ │ │ ├── semanage_bool_exists_active.3 │ │ │ │ ├── semanage_bool_exists_local.3 │ │ │ │ ├── semanage_bool_list_active.3 │ │ │ │ ├── semanage_bool_modify_local.3 │ │ │ │ ├── semanage_bool_query_active.3 │ │ │ │ ├── semanage_bool_query_local.3 │ │ │ │ ├── semanage_fcontext_del_local.3 │ │ │ │ ├── semanage_fcontext_exists.3 │ │ │ │ ├── semanage_fcontext_iterate.3 │ │ │ │ ├── semanage_fcontext_list_local.3 │ │ │ │ ├── semanage_iface_count_local.3 │ │ │ │ ├── semanage_iface_exists_local.3 │ │ │ │ ├── semanage_iface_iterate.3 │ │ │ │ ├── semanage_iface_list_local.3 │ │ │ │ ├── semanage_iface_modify_local.3 │ │ │ │ ├── semanage_iface_query_local.3 │ │ │ │ ├── semanage_node_count_local.3 │ │ │ │ ├── semanage_node_exists_local.3 │ │ │ │ ├── semanage_node_modify_local.3 │ │ │ │ ├── semanage_node_query_local.3 │ │ │ │ ├── semanage_port_count_local.3 │ │ │ │ ├── semanage_port_exists_local.3 │ │ │ │ ├── semanage_port_modify_local.3 │ │ │ │ ├── semanage_port_query_local.3 │ │ │ │ ├── semanage_seuser_count_local.3 │ │ │ │ ├── semanage_seuser_iterate.3 │ │ │ │ ├── semanage_seuser_list_local.3 │ │ │ │ ├── semanage_seuser_query_local.3 │ │ │ │ ├── semanage_user_count_local.3 │ │ │ │ ├── semanage_user_exists_local.3 │ │ │ │ ├── semanage_user_modify_local.3 │ │ │ │ ├── semanage_user_query_local.3 │ │ │ │ ├── semanage_bool_iterate_active.3 │ │ │ │ ├── semanage_bool_iterate_local.3 │ │ │ │ ├── semanage_fcontext_count_local.3 │ │ │ │ ├── semanage_fcontext_exists_local.3 │ │ │ │ ├── semanage_fcontext_iterate_local.3 │ │ │ │ ├── semanage_fcontext_modify_local.3 │ │ │ │ ├── semanage_fcontext_query_local.3 │ │ │ │ ├── semanage_iface_iterate_local.3 │ │ │ │ ├── semanage_node_iterate_local.3 │ │ │ │ ├── semanage_port_iterate_local.3 │ │ │ │ ├── semanage_seuser_exists_local.3 │ │ │ │ ├── semanage_seuser_iterate_local.3 │ │ │ │ ├── semanage_seuser_modify_local.3 │ │ │ │ └── semanage_user_iterate_local.3 │ │ │ └── Makefile │ │ ├── .gitignore │ │ ├── src │ │ │ ├── .gitignore │ │ │ ├── context_internal.h │ │ │ ├── handle_internal.h │ │ │ ├── libsemanage.pc.in │ │ │ ├── exception.sh │ │ │ └── dso.h │ │ ├── include │ │ │ └── Makefile │ │ ├── utils │ │ │ └── Makefile │ │ └── Makefile │ ├── libsepol │ │ ├── VERSION │ │ ├── tests │ │ │ ├── .gitignore │ │ │ └── policies │ │ │ │ ├── .gitignore │ │ │ │ ├── test-expander │ │ │ │ ├── alias-module.conf │ │ │ │ ├── user-module.conf │ │ │ │ ├── role-module.conf │ │ │ │ └── base-base-only.conf │ │ │ │ ├── test-deps │ │ │ │ ├── modreq-attr-global.conf │ │ │ │ ├── modreq-perm-global.conf │ │ │ │ ├── modreq-role-global.conf │ │ │ │ ├── modreq-type-global.conf │ │ │ │ ├── modreq-obj-global.conf │ │ │ │ ├── modreq-attr-opt.conf │ │ │ │ ├── modreq-bool-global.conf │ │ │ │ ├── modreq-role-opt.conf │ │ │ │ ├── modreq-type-opt.conf │ │ │ │ ├── modreq-perm-opt.conf │ │ │ │ ├── modreq-bool-opt.conf │ │ │ │ ├── modreq-obj-opt.conf │ │ │ │ └── module.conf │ │ │ │ ├── test-hooks │ │ │ │ ├── module_add_symbols.conf │ │ │ │ └── module_add_role_allow_trans.conf │ │ │ │ └── support │ │ │ │ └── misc_macros.spt │ │ ├── .gitignore │ │ ├── cil │ │ │ ├── test │ │ │ │ └── integration_testing │ │ │ │ │ ├── small.cil │ │ │ │ │ └── ordered_lists_easy.cil │ │ │ ├── .gitignore │ │ │ └── src │ │ │ │ ├── cil_reset_ast.h │ │ │ │ └── dso.h │ │ ├── src │ │ │ ├── module_internal.h │ │ │ ├── av_permissions.h │ │ │ ├── policydb_internal.h │ │ │ ├── libsepol.pc.in │ │ │ ├── android_m_compat.c │ │ │ ├── boolean_internal.h │ │ │ ├── handle.h │ │ │ ├── iface_internal.h │ │ │ ├── android_m_compat.h │ │ │ ├── ibendport_internal.h │ │ │ ├── port_internal.h │ │ │ ├── context_internal.h │ │ │ ├── user_internal.h │ │ │ ├── ibpkey_internal.h │ │ │ └── dso.h │ │ ├── include │ │ │ ├── sepol │ │ │ │ ├── kernel_to_cil.h │ │ │ │ ├── kernel_to_conf.h │ │ │ │ ├── module_to_cil.h │ │ │ │ ├── roles.h │ │ │ │ ├── policydb │ │ │ │ │ ├── link.h │ │ │ │ │ └── polcaps.h │ │ │ │ └── context.h │ │ │ └── Makefile │ │ ├── man │ │ │ ├── Makefile │ │ │ └── man8 │ │ │ │ └── genpolbools.8 │ │ ├── Makefile │ │ └── utils │ │ │ └── Makefile │ ├── mcstrans │ │ ├── VERSION │ │ ├── src │ │ │ ├── .gitignore │ │ │ ├── README │ │ │ ├── mcstrans.service │ │ │ ├── mls_level.h │ │ │ └── mcstrans.h │ │ ├── utils │ │ │ ├── .gitignore │ │ │ ├── callgrind-mcstransd │ │ │ ├── valgrind-mcstransd │ │ │ ├── Makefile │ │ │ ├── untranscon.c │ │ │ └── transcon.c │ │ ├── share │ │ │ └── examples │ │ │ │ ├── urcsts-via-include │ │ │ │ ├── setrans.d │ │ │ │ │ ├── s.conf │ │ │ │ │ ├── u.conf │ │ │ │ │ ├── r.conf │ │ │ │ │ ├── system.conf │ │ │ │ │ ├── c.conf │ │ │ │ │ └── ts.conf │ │ │ │ ├── urcsts.test │ │ │ │ ├── README │ │ │ │ ├── setrans.conf │ │ │ │ └── secolor.conf │ │ │ │ ├── non-mls-color │ │ │ │ ├── README │ │ │ │ ├── secolor.conf │ │ │ │ └── non-mls.color │ │ │ │ ├── pipes │ │ │ │ ├── setrans.d │ │ │ │ │ └── pipes.conf │ │ │ │ ├── pipes.test │ │ │ │ └── setrans.conf │ │ │ │ ├── default │ │ │ │ ├── README │ │ │ │ └── default.test │ │ │ │ ├── nato │ │ │ │ ├── setrans.d │ │ │ │ │ └── constraints.conf │ │ │ │ ├── README │ │ │ │ └── setrans.conf │ │ │ │ ├── include │ │ │ │ ├── README │ │ │ │ ├── setrans.conf │ │ │ │ └── default.test │ │ │ │ └── urcsts │ │ │ │ ├── README │ │ │ │ ├── setrans.conf │ │ │ │ ├── urcsts.test │ │ │ │ └── secolor.conf │ │ ├── man │ │ │ └── Makefile │ │ ├── Makefile │ │ └── TODO │ ├── restorecond │ │ ├── VERSION │ │ ├── .gitignore │ │ ├── org.selinux.Restorecond.service │ │ ├── restorecond_user.conf │ │ ├── restorecond.conf │ │ ├── restorecond.desktop │ │ └── restorecond.service │ ├── sandbox │ │ ├── VERSION │ │ ├── .gitignore │ │ ├── sandbox.config │ │ ├── sandbox.conf │ │ └── start │ ├── policycoreutils │ │ ├── VERSION │ │ ├── scripts │ │ │ ├── .gitignore │ │ │ └── Makefile │ │ ├── semodule │ │ │ ├── .gitignore │ │ │ └── Makefile │ │ ├── setfiles │ │ │ └── .gitignore │ │ ├── hll │ │ │ ├── Makefile │ │ │ └── pp │ │ │ │ └── Makefile │ │ ├── .tx │ │ │ └── config │ │ ├── newrole │ │ │ ├── newrole-lspp.pamd │ │ │ └── newrole.pamd │ │ ├── man │ │ │ └── Makefile │ │ ├── Makefile │ │ ├── .gitignore │ │ ├── sestatus │ │ │ ├── sestatus.conf │ │ │ └── Makefile │ │ ├── run_init │ │ │ └── run_init.pamd │ │ └── load_policy │ │ │ └── Makefile │ ├── semodule-utils │ │ ├── VERSION │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── semodule_link │ │ │ └── Makefile │ │ ├── semodule_expand │ │ │ └── Makefile │ │ ├── semodule_deps │ │ │ └── Makefile │ │ └── semodule_package │ │ │ ├── semodule_unpackage.8 │ │ │ └── Makefile │ ├── CleanSpec.mk │ ├── .gitignore │ └── scripts │ │ ├── Lindent │ │ └── make-update ├── Application.mk ├── su │ └── setproctitle.h ├── external │ ├── Android.mk │ └── selinux │ │ └── get_default_type.h └── include │ └── resetprop.h ├── .gitignore └── Makefile /jni/selinux/dbus/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/gui/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/python/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/secilc/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/checkpolicy/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/VERSION: -------------------------------------------------------------------------------- 1 | 2.6 2 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/sandbox/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jni/selinux/sandbox/.gitignore: -------------------------------------------------------------------------------- 1 | seunshare 2 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/VERSION: -------------------------------------------------------------------------------- 1 | 2.7-rc4 2 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/src/.gitignore: -------------------------------------------------------------------------------- 1 | mcstransd 2 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/src/sepolgen/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/.gitignore: -------------------------------------------------------------------------------- 1 | restorecond 2 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/.gitignore: -------------------------------------------------------------------------------- 1 | libsepol-tests 2 | -------------------------------------------------------------------------------- /jni/selinux/checkpolicy/test/.gitignore: -------------------------------------------------------------------------------- 1 | dismod 2 | dispol 3 | -------------------------------------------------------------------------------- /jni/selinux/gui/sepolgen: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sepolicy generate $* 3 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/freecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setcon.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/tests/.gitignore: -------------------------------------------------------------------------------- 1 | libsemanage-tests 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_reset.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/freeconary.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getcon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getpeercon.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getpidcon.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getprevcon.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setcon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/media.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_media.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/.gitignore: -------------------------------------------------------------------------------- 1 | utils/chkcon 2 | libsepol.map 3 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/.gitignore: -------------------------------------------------------------------------------- 1 | transcon 2 | untranscon 3 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/semodule/.gitignore: -------------------------------------------------------------------------------- 1 | genhomedircon 2 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/setfiles/.gitignore: -------------------------------------------------------------------------------- 1 | setfiles.8.man 2 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/.gitignore: -------------------------------------------------------------------------------- 1 | build 2 | tmp 3 | *.bak 4 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_audit.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_has_perm.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_cleanup.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_destroy.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_free.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/fgetfilecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/fsetfilecon.3: -------------------------------------------------------------------------------- 1 | .so man3/setfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getpeercon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getpidcon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getprevcon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/lgetfilecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/lsetfilecon.3: -------------------------------------------------------------------------------- 1 | .so man3/setfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/rpm_execcon.3: -------------------------------------------------------------------------------- 1 | .so man3/getexeccon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setexeccon.3: -------------------------------------------------------------------------------- 1 | .so man3/getexeccon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/x_contexts.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_x.5 2 | -------------------------------------------------------------------------------- /jni/selinux/python/audit2allow/.gitignore: -------------------------------------------------------------------------------- 1 | sepolgen-ifgen-attr-helper 2 | -------------------------------------------------------------------------------- /jni/selinux/python/audit2allow/audit2why.1: -------------------------------------------------------------------------------- 1 | .so man1/audit2allow.1 2 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolgen.8: -------------------------------------------------------------------------------- 1 | .so man8/sepolicy-generate.8 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_av_stats.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_cache_stats.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_sid_stats.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_cache_stats.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_range_get.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_range_set.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_role_get.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_role_set.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_type_get.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_type_set.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_user_get.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/context_user_set.3: -------------------------------------------------------------------------------- 1 | .so man3/context_new.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/fgetfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/fsetfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/setfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getexeccon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getexeccon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/lgetfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/lsetfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/setfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selabel_close.3: -------------------------------------------------------------------------------- 1 | .so man3/selabel_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setexeccon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getexeccon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setfilecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/setfilecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setfscreatecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getfscreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/sidget.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_context_to_sid.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/sidput.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_context_to_sid.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/file_contexts.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_file.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/sepgsql_contexts.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_db.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_entry_ref_init.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_has_perm.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_has_perm_noaudit.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_has_perm.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_netlink_close.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_netlink_loop.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_netlink_open.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_netlink_loop.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/fini_selinuxmnt.3: -------------------------------------------------------------------------------- 1 | .so man3/init_selinuxmnt.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getfscreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getfscreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_fini.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_index.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_init.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_setenforce.3: -------------------------------------------------------------------------------- 1 | .so security_getenforce.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selabel_lookup_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/selabel_lookup.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/set_selinuxmnt.3: -------------------------------------------------------------------------------- 1 | .so man3/init_selinuxmnt.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setfscreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getfscreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setkeycreatecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getkeycreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setsockcreatecon.3: -------------------------------------------------------------------------------- 1 | .so man3/getsockcreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/file_contexts.local.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_file.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/file_contexts.subs.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_file.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_compute_member.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_compute_create.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_get_initial_sid.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_context_to_sid.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_netlink_acquire_fd.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_netlink_loop.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_netlink_check_nb.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_netlink_loop.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_netlink_release_fd.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_netlink_loop.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_sid_to_context.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_context_to_sid.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/checkPasswdAccess.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getkeycreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getkeycreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/getsockcreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getsockcreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setkeycreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getkeycreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/setsockcreatecon_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/getsockcreatecon.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/file_contexts.homedirs.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_file.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man5/file_contexts.subs_dist.5: -------------------------------------------------------------------------------- 1 | .so man5/selabel_file.5 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_list.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_count.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_query.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/avc_get_initial_context.3: -------------------------------------------------------------------------------- 1 | .so man3/avc_context_to_sid.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_default_context.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_default_type.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/is_selinux_mls_enabled.3: -------------------------------------------------------------------------------- 1 | .so man3/is_selinux_enabled.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/print_access_vector.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/query_user_context.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_av_string.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_av_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_create.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_member.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_relabel.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_user.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_deny_unknown.3: -------------------------------------------------------------------------------- 1 | .so man3/security_getenforce.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_mkload_policy.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_policy.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_set_boolean.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_booleans.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_check_access.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_mkload_policy.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_policy.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_set_policy_root.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_policy_root.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_status_close.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_status_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_status_updated.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_status_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/string_to_av_perm.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_count_active.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_exists_active.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_list_active.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_query_active.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_del_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_del.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_exists.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_iterate.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_list_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/sandbox/sandbox.config: -------------------------------------------------------------------------------- 1 | # Space separate list of homedirs 2 | HOMEDIRS="/home" 3 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/mode_to_security_class.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_check_context_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_check_context.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_commit_booleans.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_booleans.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_av_flags.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_av_flags_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_create_name.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_create_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_member_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_relabel_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_user_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_get_boolean_names.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_booleans.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_get_initial_context.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_booleans_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_check_passwd_access.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_contexts_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_init_load_policy.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_policy.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_status_deny_unknown.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_status_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_status_getenforce.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_status_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_status_policyload.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_status_open.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_usersconf_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_x_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/set_matchpathcon_printf.3: -------------------------------------------------------------------------------- 1 | .so man3/set_matchpathcon_flags.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/string_to_security_class.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/.gitignore: -------------------------------------------------------------------------------- 1 | src/conf-parse.c 2 | src/conf-parse.h 3 | src/conf-scan.c 4 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_iterate_active.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_bool_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_count_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_count.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_fcontext_query_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_query.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_iface_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_node_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_port_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_exists_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_exists.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_seuser_modify_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_modify.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/man3/semanage_user_iterate_local.3: -------------------------------------------------------------------------------- 1 | .so man3/semanage_iterate.3 2 | -------------------------------------------------------------------------------- /jni/selinux/checkpolicy/.gitignore: -------------------------------------------------------------------------------- 1 | checkmodule 2 | checkpolicy 3 | lex.yy.c 4 | y.tab.c 5 | y.tab.h 6 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_default_context_with_role.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/manual_user_enter_context.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_filespec_add.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon_checkmatches.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_filespec_eval.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon_checkmatches.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_av_perm_to_string.3: -------------------------------------------------------------------------------- 1 | .so man3/security_class_to_string.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_compute_create_name_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_get_boolean_active.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_booleans.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_get_boolean_pending.3: -------------------------------------------------------------------------------- 1 | .so man3/security_load_booleans.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_get_initial_context_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/security_compute_av.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_current_policy_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_default_type_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_file_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_media_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_user_contexts_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/set_matchpathcon_invalidcon.3: -------------------------------------------------------------------------------- 1 | .so man3/set_matchpathcon_flags.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/.gitignore: -------------------------------------------------------------------------------- 1 | test-downgrade/ 2 | test-*/*.mls 3 | test-*/*.std 4 | -------------------------------------------------------------------------------- /jni/Application.mk: -------------------------------------------------------------------------------- 1 | APP_ABI := armeabi-v7a 2 | APP_PLATFORM := android-21 3 | NDK_TOOLCHAIN_VERSION=clang 4 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_default_context_with_level.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_default_context_with_rolelevel.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchpathcon_filespec_destroy.3: -------------------------------------------------------------------------------- 1 | .so man3/matchpathcon_checkmatches.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selabel_lookup_best_match_raw.3: -------------------------------------------------------------------------------- 1 | .so man3/selabel_lookup_best_match.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_default_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_failsafe_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_file_context_local_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_homedir_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_netfilter_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_removable_context_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_securetty_types_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/sepolicy_16.png -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy_22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/sepolicy_22.png -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy_32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/sepolicy_32.png -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy_48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/sepolicy_48.png -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/get_ordered_context_list_with_level.3: -------------------------------------------------------------------------------- 1 | .so man3/get_ordered_context_list.3 2 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_file_context_homedir_path.3: -------------------------------------------------------------------------------- 1 | .so man3/selinux_binary_policy_path.3 2 | -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy_256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/sepolicy_256.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/tests/.gitignore: -------------------------------------------------------------------------------- 1 | module_compile_test.fc 2 | module_compile_test.if 3 | output 4 | tmp/ 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | bin 2 | armeabi 3 | x86 4 | obj 5 | local.properties 6 | gen 7 | .DS_Store 8 | .settings 9 | libs 10 | -------------------------------------------------------------------------------- /jni/selinux/CleanSpec.mk: -------------------------------------------------------------------------------- 1 | # This empty CleanSpec.mk file will prevent the build system 2 | # from descending into subdirs. 3 | -------------------------------------------------------------------------------- /jni/selinux/secilc/docs/cil_design.dia: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/secilc/docs/cil_design.dia -------------------------------------------------------------------------------- /jni/selinux/gui/system-config-selinux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/gui/system-config-selinux.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_more_show.txt: -------------------------------------------------------------------------------- 1 | You are viewing the booleans page for the application domain. 2 | -------------------------------------------------------------------------------- /jni/selinux/secilc/docs/cil_design.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/secilc/docs/cil_design.jpeg -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/.gitignore: -------------------------------------------------------------------------------- 1 | selinux.py 2 | selinuxswig_wrap.c 3 | selinuxswig_python_exception.i 4 | selinuxswig_ruby_wrap.c 5 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system.txt: -------------------------------------------------------------------------------- 1 | This screen allows you to view modify the way SELinux is running on your system. 2 | -------------------------------------------------------------------------------- /jni/selinux/sandbox/sandbox.conf: -------------------------------------------------------------------------------- 1 | # Control group configuration 2 | NAME=sandbox 3 | CPUAFFINITY=ALL 4 | MEMUSAGE=80% 5 | CPUUSAGE=80% 6 | -------------------------------------------------------------------------------- /jni/selinux/gui/system-config-selinux: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py 4 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/.gitignore: -------------------------------------------------------------------------------- 1 | semanageswig_wrap.c 2 | semanageswig_python_exception.i 3 | semanage.py 4 | semanageswig_ruby_wrap.c 5 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/cil/test/integration_testing/small.cil: -------------------------------------------------------------------------------- 1 | (class foo (read)) 2 | 3 | (type bar) 4 | (allow bar self (foo (read))) 5 | 6 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/org.selinux.Restorecond.service: -------------------------------------------------------------------------------- 1 | [D-BUS Service] 2 | Name=org.selinux.Restorecond 3 | Exec=/usr/sbin/restorecond -u 4 | -------------------------------------------------------------------------------- /jni/selinux/dbus/org.selinux.service: -------------------------------------------------------------------------------- 1 | [D-BUS Service] 2 | Name=org.selinux 3 | Exec=/usr/share/system-config-selinux/selinux_server.py 4 | User=root 5 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/login.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/start.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/users.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system.png -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/s.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s7=SECRET 4 | s7=S E C R E T 5 | s7=S 6 | 7 | # UNCLASSIFIED 8 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/u.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s1=UNCLASSIFIED 4 | s1=UNCLAS 5 | s1=U 6 | 7 | # UNCLASSIFIED 8 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/booleans.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/file_equiv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/file_equiv.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_apps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/files_apps.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_exec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/files_exec.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/lockdown.png -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/get_default_type_internal.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "dso.h" 3 | 4 | hidden_proto(selinux_default_type_path) 5 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_write.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/files_write.png -------------------------------------------------------------------------------- /jni/selinux/secilc/.gitignore: -------------------------------------------------------------------------------- 1 | secilc 2 | secilc.8 3 | secil2conf 4 | secil2conf.8 5 | policy.* 6 | file_contexts 7 | docs/html 8 | docs/pdf 9 | docs/tmp 10 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/r.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s3=RESTRICTED 4 | s3=R E S T R I C T E D 5 | s3=R 6 | 7 | # UNCLASSIFIED 8 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/system.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s0=SystemLow 4 | s15:c0.c1023=SystemHigh 5 | 6 | # UNCLASSIFIED 7 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_more.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/booleans_more.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown_ptrace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/lockdown_ptrace.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/login_default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/login_default.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/ports_inbound.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/ports_inbound.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/ports_outbound.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/ports_outbound.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system_export.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_relabel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system_relabel.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_file.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_from.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_to.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_to.png -------------------------------------------------------------------------------- /jni/selinux/restorecond/restorecond_user.conf: -------------------------------------------------------------------------------- 1 | ~/* 2 | ~/public_html/* 3 | ~/.gnome2/* 4 | ~/local/* 5 | ~/.fonts/* 6 | ~/.cache/* 7 | ~/.config/* 8 | ~/.local/share/* 9 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_toggled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/booleans_toggled.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_boot_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system_boot_mode.png -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/c.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s5=CONFIDENTIAL 4 | s5=C O N F I D E N T I A L 5 | s5=C 6 | 7 | # UNCLASSIFIED 8 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_more_show.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/booleans_more_show.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown_permissive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/lockdown_permissive.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown_unconfined.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/lockdown_unconfined.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_current_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system_current_mode.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_policy_type.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/system_policy_type.png -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/module_internal.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "dso.h" 3 | 4 | hidden_proto(sepol_module_package_create) 5 | hidden_proto(sepol_module_package_free) 6 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_1.png -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jpacg/su-binary/HEAD/jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_2.png -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/kernel_to_cil.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | int sepol_kernel_policydb_to_cil(FILE *fp, struct policydb *pdb); 6 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/kernel_to_conf.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | int sepol_kernel_policydb_to_conf(FILE *fp, struct policydb *pdb); 6 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/src/README: -------------------------------------------------------------------------------- 1 | To rebuild with debugging support: 2 | make clean && env CFLAGS="-Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -DDEBUG -g" LDFLAGS="-g" make 3 | 4 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/restorecond.conf: -------------------------------------------------------------------------------- 1 | /etc/services 2 | /etc/resolv.conf 3 | /etc/samba/secrets.tdb 4 | /etc/updatedb.conf 5 | /var/run/utmp 6 | /var/log/wtmp 7 | /root/* 8 | /root/.ssh/* 9 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.d/ts.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s9=TOP SECRET 4 | s9=T O P S E C R E T 5 | s9=T O P S E C R E T 6 | s9=TS 7 | 8 | # UNCLASSIFIED 9 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-expander/alias-module.conf: -------------------------------------------------------------------------------- 1 | module my_module 1.0; 2 | 3 | require { 4 | type alias_check_3_t; 5 | } 6 | 7 | typealias alias_check_3_t alias alias_check_3_a; 8 | 9 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/hll/Makefile: -------------------------------------------------------------------------------- 1 | SUBDIRS = pp 2 | 3 | all install relabel clean indent: 4 | @for subdir in $(SUBDIRS); do \ 5 | (cd $$subdir && $(MAKE) $@) || exit 1; \ 6 | done 7 | 8 | test: 9 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/av_permissions.h: -------------------------------------------------------------------------------- 1 | /* Used by security_compute_av. */ 2 | #define PROCESS__TRANSITION 0x00000002UL 3 | #define PROCESS__DYNTRANSITION 0x00800000UL 4 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/tests/module_compile_test.te: -------------------------------------------------------------------------------- 1 | module module_compile_test 1.0; 2 | 3 | require { 4 | type foo, bar; 5 | class file { read write }; 6 | } 7 | 8 | allow foo bar : file { read write }; 9 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/.gitignore: -------------------------------------------------------------------------------- 1 | semodule_package/semodule_package 2 | semodule_package/semodule_unpackage 3 | semodule_deps/semodule_deps 4 | semodule_expand/semodule_expand 5 | semodule_link/semodule_link 6 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-expander/user-module.conf: -------------------------------------------------------------------------------- 1 | module my_module 1.0; 2 | 3 | require { 4 | class file {read write}; 5 | ifdef(`enable_mls',` 6 | user user_check_1; 7 | ') 8 | } 9 | 10 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_2.txt: -------------------------------------------------------------------------------- 1 | This screen shows you the boolean page with the boolean selected. 2 | 3 | 4 | Enable or disable the boolean to turn on or off the transition. 5 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/tests/test_utilities.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int semanage_utilities_test_init(void); 4 | int semanage_utilities_test_cleanup(void); 5 | int semanage_utilities_add_tests(CU_pSuite suite); 6 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/cil/.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | *.gcda 3 | *.gcno 4 | *.o 5 | *.a 6 | src/cil_lexer.c 7 | unit_tests 8 | cov 9 | secilc 10 | docs/pdf/ 11 | docs/html/ 12 | docs/man8/ 13 | policy.* 14 | file_contexts 15 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/selinuxenabled.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(void) 7 | { 8 | return !is_selinux_enabled(); 9 | } 10 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/cil/src/cil_reset_ast.h: -------------------------------------------------------------------------------- 1 | #ifndef CIL_RESET_AST_H_ 2 | #define CIL_RESET_AST_H_ 3 | 4 | #include "cil_tree.h" 5 | 6 | int cil_reset_ast(struct cil_tree_node *current); 7 | 8 | #endif /* CIL_RESET_AST_H_ */ 9 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-attr-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_attr_global 1.0; 2 | 3 | require { 4 | attribute attr_req; 5 | } 6 | 7 | type mod_global_t; 8 | 9 | type new_t, attr_req; 10 | 11 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/src/share/Makefile: -------------------------------------------------------------------------------- 1 | SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen 2 | 3 | all: 4 | 5 | install: all 6 | -mkdir -p $(SHAREDIR) 7 | install -m 644 perm_map $(SHAREDIR) 8 | 9 | clean: 10 | rm -f *~ -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/.tx/config: -------------------------------------------------------------------------------- 1 | [main] 2 | host = https://www.transifex.com 3 | 4 | [policycoreutils.policycoreutils] 5 | file_filter = po/.po 6 | source_file = po/policycoreutils.pot 7 | source_lang = en 8 | type = PO 9 | -------------------------------------------------------------------------------- /jni/selinux/python/Makefile: -------------------------------------------------------------------------------- 1 | SUBDIRS = sepolicy audit2allow semanage sepolgen chcat 2 | 3 | all install relabel clean indent: 4 | @for subdir in $(SUBDIRS); do \ 5 | (cd $$subdir && $(MAKE) $@) || exit 1; \ 6 | done 7 | 8 | test: 9 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/freecon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "selinux_internal.h" 3 | #include 4 | #include 5 | 6 | void freecon(char * con) 7 | { 8 | free(con); 9 | } 10 | 11 | hidden_def(freecon) 12 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/newrole/newrole-lspp.pamd: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth include system-auth 3 | account include system-auth 4 | password include system-auth 5 | session required pam_namespace.so unmnt_remnt no_unmount_on_close 6 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/non-mls-color/README: -------------------------------------------------------------------------------- 1 | Non-MLS color example 2 | 3 | To use: 4 | cp secolor.conf /etc/selinux/mls/ 5 | run_init /etc/init.d/mcstrans restart 6 | 7 | To test: 8 | /usr/share/mcstrans/util/mlscolor-test non-mls.color 9 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-expander/role-module.conf: -------------------------------------------------------------------------------- 1 | module my_module 1.0; 2 | 3 | require { 4 | class file {read write}; 5 | role role_check_1; 6 | } 7 | 8 | type role_check_1_2_t; 9 | role role_check_1 types role_check_1_2_t; 10 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/pipes/setrans.d/pipes.conf: -------------------------------------------------------------------------------- 1 | ModifierGroup=Pipes 2 | Prefix=Handle Via 3 | Suffix=Pipes Only 4 | Suffix=Pipes 5 | Whitespace=, 6 | Join=, 7 | 8 | c101=Plastic 9 | c102=Iron 10 | c103=Copper 11 | c104=Galvanized 12 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/restorecond.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Name=File Context maintainer 3 | Exec=/usr/sbin/restorecond -u 4 | Comment=Fix file context in owned by the user 5 | Type=Application 6 | StartupNotify=false 7 | X-GNOME-Autostart-enabled=false 8 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/Makefile: -------------------------------------------------------------------------------- 1 | SUBDIRS = semodule_package semodule_link semodule_expand semodule_deps 2 | 3 | all install relabel clean indent: 4 | @for subdir in $(SUBDIRS); do \ 5 | (cd $$subdir && $(MAKE) $@) || exit 1; \ 6 | done 7 | 8 | test: 9 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/default/README: -------------------------------------------------------------------------------- 1 | Original RHEL 5 setrans.conf 2 | 3 | To use: 4 | cp setrans.conf /etc/selinux/mls/setrans.conf 5 | run_init /etc/init.d/mcstrans restart 6 | 7 | To test: 8 | /usr/share/mcstrans/util/mlstrans-test default.test 9 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/man/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 3 | 4 | all: 5 | 6 | clean: 7 | 8 | install: all 9 | mkdir -p $(MAN5DIR) 10 | install -m 644 man5/*.5 $(MAN5DIR) 11 | 12 | relabel: 13 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_more.txt: -------------------------------------------------------------------------------- 1 | You are viewing the booleans page for the application domain. 2 | 3 | 4 | Selecting the 'More...' button will open a dialog containing the SELinux allow rules that are turned on by the selected boolean. 5 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-perm-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_perm_global 1.0; 2 | 3 | require { 4 | class msg { send receive }; 5 | } 6 | 7 | type mod_global_t; 8 | type a_t; 9 | type b_t; 10 | allow a_t b_t: msg { send receive }; 11 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/callgrind-mcstransd: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | service mcstrans stop 3 | cd ~root 4 | runcon -u system_u -r system_r -t setrans_t -l s15:c0.c1023 -- valgrind --tool=callgrind /usr/src/redhat/BUILD/*/src/mcstransd 5 | run_init /etc/init.d/mcstrans start 6 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/get_context_list_internal.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "dso.h" 3 | 4 | hidden_proto(get_ordered_context_list) 5 | hidden_proto(get_ordered_context_list_with_level) 6 | hidden_proto(get_default_context_with_role) 7 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/man/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 3 | 4 | all: 5 | 6 | install: all 7 | mkdir -p $(MAN8DIR) 8 | install -m 644 man8/*.8 $(MAN8DIR) 9 | 10 | clean: 11 | -rm -f *~ \#* 12 | -rm -f man8/*~ man8/\#* 13 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/nato/setrans.d/constraints.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | # These constraints apply to computed translations, 4 | # not cached or preset translations. 5 | # 6 | 7 | # nato and non-nato are incompatible 8 | c0!c1 9 | 10 | #UNCLASSIFIED 11 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-role-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_role_global 1.0; 2 | 3 | require { 4 | role role_req_r, user_r; 5 | } 6 | 7 | type mod_global_t; 8 | 9 | type a_t; 10 | 11 | # role role_req_r types a_t; 12 | allow role_req_r user_r; 13 | 14 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/Makefile: -------------------------------------------------------------------------------- 1 | SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setsebool scripts po man hll 2 | 3 | all install relabel clean indent: 4 | @for subdir in $(SUBDIRS); do \ 5 | (cd $$subdir && $(MAKE) $@) || exit 1; \ 6 | done 7 | 8 | test: 9 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/src/mcstrans.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Translates SELinux MCS/MLS labels to human readable form 3 | ConditionSecurity=selinux 4 | 5 | [Service] 6 | ExecStart=/sbin/mcstransd -f 7 | RuntimeDirectory=setrans 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-type-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_type_global 1.0; 2 | 3 | require { 4 | type type_req_t; 5 | class file { read write }; 6 | } 7 | 8 | type mod_global_t; 9 | 10 | type test_t; 11 | 12 | allow test_t type_req_t : file { read write }; 13 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean_1.txt: -------------------------------------------------------------------------------- 1 | After selecting the arrow under Boolean Enabled column, the line will expand to show a link which you can click. This will take you to the booleans page and allow you to enable the boolean which will enable or disable the transition. 2 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-obj-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_obj_global 1.0; 2 | 3 | require { 4 | class sem { create destroy }; 5 | } 6 | 7 | type mod_global_t; 8 | 9 | type mod_foo_t; 10 | type mod_bar_t; 11 | 12 | allow mod_foo_t mod_bar_t : sem { create destroy }; 13 | 14 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/.gitignore: -------------------------------------------------------------------------------- 1 | load_policy/load_policy 2 | newrole/newrole 3 | run_init/open_init_pty 4 | run_init/run_init 5 | secon/secon 6 | semodule/semodule 7 | sestatus/sestatus 8 | setfiles/restorecon 9 | setfiles/restorecon_xattr 10 | setfiles/setfiles 11 | setsebool/setsebool 12 | hll/pp/pp 13 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/Makefile: -------------------------------------------------------------------------------- 1 | all: ; 2 | 3 | install: 4 | $(MAKE) -C src $@ 5 | 6 | relabel: ; 7 | 8 | clean: 9 | $(MAKE) -C src $@ 10 | $(MAKE) -C tests $@ 11 | rm -f *~ *.pyc 12 | rm -f parser.out parsetab.py 13 | 14 | indent: ; 15 | 16 | test: 17 | $(MAKE) -C tests $@ 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-attr-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_attr_opt 1.0; 2 | 3 | require { 4 | class file {read write}; 5 | 6 | } 7 | 8 | type mod_global_t; 9 | 10 | optional { 11 | require { 12 | attribute attr_req; 13 | } 14 | type mod_opt_t; 15 | type new_t, attr_req; 16 | } 17 | -------------------------------------------------------------------------------- /jni/su/setproctitle.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * Copyright (C) Igor Sysoev 4 | * Copyright (C) Nginx, Inc. 5 | */ 6 | 7 | 8 | #ifndef _SETPROCTITLE_H_INCLUDED_ 9 | #define _SETPROCTITLE_H_INCLUDED_ 10 | 11 | int init_setproctitle(); 12 | void setproctitle(char *title); 13 | 14 | #endif /* _SETPROCTITLE_H_INCLUDED_ */ 15 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-bool-global.conf: -------------------------------------------------------------------------------- 1 | module modreq_bool_global 1.0; 2 | 3 | require { 4 | bool bool_req; 5 | class file { read write }; 6 | } 7 | 8 | type mod_global_t; 9 | 10 | type a_t; 11 | type b_t; 12 | 13 | if (bool_req) { 14 | allow a_t b_t : file { read write }; 15 | } 16 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/src/mls_level.h: -------------------------------------------------------------------------------- 1 | #ifndef __mls_level_h__ 2 | #define __mls_level_h__ 3 | 4 | #include 5 | 6 | unsigned int mls_compute_string_len(mls_level_t *r); 7 | mls_level_t *mls_level_from_string(char *mls_context); 8 | char *mls_level_to_string(mls_level_t *r); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/valgrind-mcstransd: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | service mcstrans stop 3 | #valgrind -v --leak-check=full --show-reachable=yes ../src/mcstransd 4 | runcon -u system_u -r system_r -t setrans_t -l s15:c0.c1023 -- valgrind -v --leak-check=full --show-reachable=yes ../src/mcstransd 5 | run_init /etc/init.d/mcstrans start 6 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/man/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 3 | MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 4 | 5 | all: 6 | 7 | install: all 8 | mkdir -p $(MAN3DIR) 9 | mkdir -p $(MAN5DIR) 10 | install -m 644 man3/*.3 $(MAN3DIR) 11 | install -m 644 man5/*.5 $(MAN5DIR) 12 | 13 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/man/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 3 | MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 4 | 5 | all: 6 | 7 | install: all 8 | mkdir -p $(MAN3DIR) 9 | mkdir -p $(MAN8DIR) 10 | install -m 644 man3/*.3 $(MAN3DIR) 11 | install -m 644 man8/*.8 $(MAN8DIR) 12 | 13 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/policydb_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_POLICYDB_INTERNAL_H_ 2 | #define _SEPOL_POLICYDB_INTERNAL_H_ 3 | 4 | #include 5 | #include "dso.h" 6 | 7 | hidden_proto(sepol_policydb_create) 8 | hidden_proto(sepol_policydb_free) 9 | extern const char *policydb_target_strings[]; 10 | #endif 11 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-role-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_role_opt 1.0; 2 | 3 | require { 4 | class file {read write}; 5 | 6 | } 7 | 8 | type mod_global_t; 9 | 10 | optional { 11 | require { 12 | role role_req_r, user_r; 13 | } 14 | type mod_opt_t; 15 | 16 | allow role_req_r user_r; 17 | } 18 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/src/Makefile: -------------------------------------------------------------------------------- 1 | all: ; 2 | 3 | install: 4 | $(MAKE) -C sepolgen $@ 5 | $(MAKE) -C share $@ 6 | 7 | relabel: ; 8 | 9 | clean: 10 | $(MAKE) -C sepolgen $@ 11 | $(MAKE) -C share $@ 12 | rm -f *~ *.pyc 13 | rm -f parser.out parsetab.py 14 | 15 | indent: ; 16 | 17 | 18 | test: ; 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /jni/selinux/sandbox/start: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python -Es 2 | try: 3 | from subprocess import getstatusoutput 4 | except ImportError: 5 | from commands import getstatusoutput 6 | import sys 7 | rc = [-1, ''] 8 | try: 9 | rc = getstatusoutput(sys.argv[1]) 10 | except: 11 | pass 12 | if rc[0] == 0: 13 | print(rc[1]) 14 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-hooks/module_add_symbols.conf: -------------------------------------------------------------------------------- 1 | module add_symbol_test 1.0; 2 | 3 | require { class file { read write }; } 4 | 5 | type type_add_1; 6 | attribute attrib_add_1; 7 | role role_add_1; 8 | bool bool_add_1 false; 9 | 10 | ifdef(`enable_mls',`',` 11 | user user_add_1 roles { role_add_1 }; 12 | ') 13 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/libsepol.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=${prefix} 3 | libdir=${exec_prefix}/@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libsepol 7 | Description: SELinux policy library 8 | Version: @VERSION@ 9 | URL: http://userspace.selinuxproject.org/ 10 | Libs: -L${libdir} -lsepol 11 | Cflags: -I${includedir} 12 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-type-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_type_opt 1.0; 2 | 3 | require { 4 | type file_t; 5 | class file { read write }; 6 | } 7 | 8 | type mod_global_t; 9 | 10 | optional { 11 | require { 12 | type type_req_t; 13 | } 14 | type mod_opt_t; 15 | allow type_req_t file_t : file { read write }; 16 | } -------------------------------------------------------------------------------- /jni/selinux/mcstrans/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | $(MAKE) -C src 3 | $(MAKE) -C utils 4 | 5 | install: 6 | $(MAKE) -C src install 7 | # $(MAKE) -C utils install 8 | $(MAKE) -C man install 9 | 10 | clean: 11 | rm -f *~ \#* 12 | $(MAKE) -C src clean 13 | $(MAKE) -C utils clean 14 | $(MAKE) -C man clean 15 | 16 | relabel: 17 | 18 | test: 19 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/sestatus/sestatus.conf: -------------------------------------------------------------------------------- 1 | [files] 2 | /etc/passwd 3 | /etc/shadow 4 | /bin/bash 5 | /bin/login 6 | /bin/sh 7 | /sbin/agetty 8 | /sbin/init 9 | /sbin/mingetty 10 | /usr/sbin/sshd 11 | /lib/libc.so.6 12 | /lib/ld-linux.so.2 13 | /lib/ld.so.1 14 | 15 | [process] 16 | /sbin/mingetty 17 | /sbin/agetty 18 | /usr/sbin/sshd 19 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/tests/Makefile: -------------------------------------------------------------------------------- 1 | PYTHON ?= python 2 | 3 | clean: 4 | rm -f *~ *.pyc 5 | rm -f parser.out parsetab.py 6 | rm -f out.txt 7 | rm -f module_compile_test.fc 8 | rm -f module_compile_test.if 9 | rm -f module_compile_test.pp 10 | rm -f output 11 | rm -rf __pycache__ tmp 12 | 13 | test: 14 | $(PYTHON) run-tests.py 15 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/setrans_internal.h: -------------------------------------------------------------------------------- 1 | /* Author: Trusted Computer Solutions, Inc. */ 2 | #include 3 | 4 | #define SETRANS_UNIX_SOCKET SELINUX_TRANS_DIR "/.setrans-unix" 5 | 6 | #define RAW_TO_TRANS_CONTEXT 2 7 | #define TRANS_TO_RAW_CONTEXT 3 8 | #define RAW_CONTEXT_TO_COLOR 4 9 | #define MAX_DATA_BUF 8192 10 | 11 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/include/README: -------------------------------------------------------------------------------- 1 | Original RHEL 5 setrans.conf pushed into setrans.d as include file 2 | 3 | To use: 4 | cp setrans.conf /etc/selinux/mls/setrans.conf 5 | cp setrans.d/* /etc/selinux/mls/setrans.d 6 | run_init /etc/init.d/mcstrans restart 7 | 8 | To test: 9 | /usr/share/mcstrans/util/mlstrans-test include.test 10 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/newrole/newrole.pamd: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | # Uncomment the next line if you do not want to enter your passwd everytime 3 | # auth sufficient pam_rootok.so 4 | auth include system-auth 5 | account include system-auth 6 | password include system-auth 7 | session include system-auth 8 | session optional pam_xauth.so 9 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown.txt: -------------------------------------------------------------------------------- 1 | The Lockdown Screen allows you to tighten the SELinux Security on your machine. 2 | 3 | 4 | These lockdown measures are recommended, but can cause SELinux issues. If you have a machine you truly want to secure, and are confident in your understanding of SELinux you should try some of these options. 5 | -------------------------------------------------------------------------------- /jni/selinux/gui/sepolicy.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Name=SELinux Policy Management Tool 3 | Comment=Generate SELinux policy modules 4 | Icon=sepolicy 5 | Exec=/usr/bin/sepolicy gui 6 | Type=Application 7 | Terminal=false 8 | Categories=System;Security; 9 | X-Desktop-File-Install-Version=0.2 10 | Keywords=policy;security;selinux;avc;permission;mac; 11 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/android_m_compat.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "android_m_compat.h" 4 | 5 | unsigned int avtab_android_m_compat; 6 | 7 | void avtab_android_m_compat_set(void) 8 | { 9 | if (!avtab_android_m_compat) { 10 | fprintf(stderr, "(Android M policy compatibility mode)\n"); 11 | avtab_android_m_compat = 1; 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-hooks/module_add_role_allow_trans.conf: -------------------------------------------------------------------------------- 1 | module add_symbol_test 1.0; 2 | 3 | require { class file { read }; } 4 | 5 | role role_a_1; 6 | role role_a_2; 7 | role role_t_1; 8 | role role_t_2; 9 | 10 | type type_rt_1; 11 | 12 | 13 | allow role_a_1 role_a_2; 14 | 15 | role_transition role_t_1 type_rt_1 role_t_2; 16 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/non-mls-color/secolor.conf: -------------------------------------------------------------------------------- 1 | 2 | color black = #000000 3 | color green = #008000 4 | color yellow = #ffff00 5 | color blue = #0000ff 6 | color white = #ffffff 7 | color red = #ff0000 8 | color orange = #ffa500 9 | color tan = #D2B48C 10 | 11 | user * = black green 12 | role * = white black 13 | type * = tan orange 14 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/run_init/run_init.pamd: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | # Uncomment the next line if you do not want to enter your passwd everytime 3 | #auth sufficient pam_rootok.so 4 | auth include system-auth 5 | account include system-auth 6 | password include system-auth 7 | session include system-auth 8 | session optional pam_xauth.so 9 | -------------------------------------------------------------------------------- /jni/selinux/restorecond/restorecond.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Restorecon maintaining path file context 3 | ConditionPathExists=/etc/selinux/restorecond.conf 4 | ConditionSecurity=selinux 5 | 6 | [Service] 7 | Type=forking 8 | ExecStart=/usr/sbin/restorecond 9 | PIDFile=/var/run/restorecond.pid 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/include/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCDIR ?= $(PREFIX)/include/semanage 4 | 5 | all: 6 | 7 | install: all 8 | test -d $(INCDIR) || install -m 755 -d $(INCDIR) 9 | install -m 644 $(wildcard semanage/*.h) $(INCDIR) 10 | 11 | indent: 12 | ../../scripts/Lindent $(wildcard semanage/*.h) 13 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/non-mls-color/non-mls.color: -------------------------------------------------------------------------------- 1 | system_u:system_r:inetd_t:SystemLow=#000000 #008000 #ffffff #000000 #d2b48c #ffa500 #000000 #008000 2 | system_u:system_r:inetd_t:SystemHigh=#000000 #008000 #ffffff #000000 #d2b48c #ffa500 #000000 #008000 3 | user_u:user_r:user_t:SystemLow=#000000 #008000 #ffffff #000000 #d2b48c #ffa500 #000000 #008000 4 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/freeconary.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "selinux_internal.h" 3 | #include 4 | #include 5 | 6 | void freeconary(char ** con) 7 | { 8 | char **ptr; 9 | 10 | if (!con) 11 | return; 12 | 13 | for (ptr = con; *ptr; ptr++) { 14 | free(*ptr); 15 | } 16 | free(con); 17 | } 18 | 19 | hidden_def(freeconary) 20 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans_toggled.txt: -------------------------------------------------------------------------------- 1 | You are viewing the booleans page for the application domain. 2 | 3 | 4 | Toggle the button to turn on or off the boolean. This will not happen immediately. All changes on the application screen are bundled up into a single transaction. You need to select the update button to apply all of your changes to the system. 5 | -------------------------------------------------------------------------------- /jni/external/Android.mk: -------------------------------------------------------------------------------- 1 | LOCAL_PATH:= $(call my-dir) 2 | 3 | # libsqlite.so (stub) 4 | include $(CLEAR_VARS) 5 | LOCAL_MODULE:= libsqlite 6 | LOCAL_SRC_FILES := sqlite3_stub.c 7 | include $(BUILD_SHARED_LIBRARY) 8 | 9 | # libselinux.so (stub) 10 | include $(CLEAR_VARS) 11 | LOCAL_MODULE:= libselinux 12 | LOCAL_SRC_FILES := selinux_stub.c 13 | include $(BUILD_SHARED_LIBRARY) 14 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/libselinux.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=${prefix} 3 | libdir=${exec_prefix}/@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libselinux 7 | Description: SELinux utility library 8 | Version: @VERSION@ 9 | URL: http://userspace.selinuxproject.org/ 10 | Requires.private: libsepol libpcre 11 | Libs: -L${libdir} -lselinux 12 | Cflags: -I${includedir} 13 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-perm-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_perm_opt 1.0; 2 | 3 | require { 4 | class file { read write }; 5 | } 6 | 7 | type mod_global_t; 8 | 9 | optional { 10 | require { 11 | class msg { send receive }; 12 | } 13 | 14 | type mod_opt_t; 15 | type a_mod_t; 16 | type b_mod_t; 17 | allow a_mod_t b_mod_t: msg { send receive }; 18 | } 19 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/src/mcstrans.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ 2 | 3 | #include 4 | 5 | extern int init_translations(void); 6 | extern void finish_context_translations(void); 7 | extern int trans_context(const security_context_t, security_context_t *); 8 | extern int untrans_context(const security_context_t, security_context_t *); 9 | 10 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/context_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEMANAGE_CONTEXT_INTERNAL_H_ 2 | #define _SEMANAGE_CONTEXT_INTERNAL_H_ 3 | 4 | #include 5 | #include "dso.h" 6 | 7 | hidden_proto(semanage_context_clone) 8 | hidden_proto(semanage_context_free) 9 | hidden_proto(semanage_context_from_string) 10 | hidden_proto(semanage_context_to_string) 11 | #endif 12 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/utils/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | LIBEXECDIR ?= $(PREFIX)/libexec 4 | SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/ 5 | 6 | all: 7 | 8 | install: all 9 | -mkdir -p $(SELINUXEXECDIR) 10 | install -m 755 semanage_migrate_store $(SELINUXEXECDIR) 11 | 12 | clean: 13 | 14 | distclean: clean 15 | 16 | indent: 17 | 18 | relabel: 19 | 20 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/module_to_cil.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #include 5 | 6 | int sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked); 7 | int sepol_module_package_to_cil(FILE *fp, struct sepol_module_package *mod_pkg); 8 | int sepol_ppfile_to_module_package(FILE *fp, struct sepol_module_package **mod_pkg); 9 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-bool-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_bool_opt 1.0; 2 | 3 | require { 4 | class file {read write}; 5 | 6 | } 7 | 8 | type mod_global_t; 9 | 10 | optional { 11 | require { 12 | bool bool_req; 13 | } 14 | 15 | type a_t; 16 | type b_t; 17 | type mod_opt_t; 18 | 19 | if (bool_req) { 20 | allow a_t b_t : file { read write }; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/modreq-obj-opt.conf: -------------------------------------------------------------------------------- 1 | module modreq_obj_global 1.0; 2 | 3 | require { 4 | class file { read }; 5 | } 6 | 7 | type mod_global_t; 8 | 9 | type mod_foo_t; 10 | type mod_bar_t; 11 | 12 | optional { 13 | require { 14 | class sem { create destroy }; 15 | } 16 | 17 | type mod_opt_t; 18 | 19 | allow mod_foo_t mod_bar_t : sem { create destroy }; 20 | } 21 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/ports_inbound.txt: -------------------------------------------------------------------------------- 1 | This screen shows the network ports that processes running with the '%(APP)s' type is allowed to bind to. 2 | 3 | 4 | SELinux controls the network ports that a application is allowed to bind to based on SELinux Port types. 5 | 6 | This screen allows you to modify the port number/port type definitions, which the '(APP)s' is currently allowed to bind. 7 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/ports_outbound.txt: -------------------------------------------------------------------------------- 1 | This screen shows the network ports to which processes running with the '%(APP)s' type is allowed to connect. 2 | 3 | 4 | SELinux controls the network ports that a applications are allowed to connect, based on SELinux Port types. 5 | 6 | This screen allows you to modify the port number/port type definitions, which the '%(APP)s' is currently allowed to connect. 7 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_current_mode.txt: -------------------------------------------------------------------------------- 1 | You can switch SELinux between Enforcing mode and Permissive mode. 2 | 3 | 4 | When a machine is in permissive mode, SELinux will continue to log SELinux AVC messages, that would have been denied if the machine was in enforcing mode. 5 | 6 | Changing the current mode of the system will not survive a reboot. You would need to change the system mode for this. 7 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | 2 | all: build 3 | 4 | build: 5 | ndk-build 6 | 7 | buildV: 8 | ndk-build V=1 NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk NDK_APPLICATION_MK=./Application.mk 9 | 10 | push: 11 | adb push libs/armeabi-v7a/su /data/local/tmp/su 12 | 13 | run: 14 | adb push libs/armeabi-v7a/su /data/local/tmp/su 15 | adb shell "su -c \"/data/local/tmp/su -d 2>&1\"" 16 | 17 | clean: 18 | rm -rf obj 19 | rm -rf libs 20 | -------------------------------------------------------------------------------- /jni/selinux/.gitignore: -------------------------------------------------------------------------------- 1 | # Note: use "git ls-files -i --exclude-standard" to make sure 2 | # no tracked files are ignored as a result of any changes. 3 | 4 | # Object files 5 | *.o 6 | *.lo 7 | *.so 8 | *.so.[0-9] 9 | *.a 10 | *.s 11 | *.mo 12 | *.pc 13 | 14 | # Misc 15 | *.patch 16 | *.gz 17 | *~ 18 | *.orig 19 | *.rej 20 | *.pyc 21 | *.pyo 22 | cscope.* 23 | .#* 24 | \#* 25 | .*.swp 26 | # Failsafes 27 | !.gitignore 28 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/handle_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEMANAGE_HANDLE_INTERNAL_H_ 2 | #define _SEMANAGE_HANDLE_INTERNAL_H_ 3 | 4 | #include 5 | #include "dso.h" 6 | 7 | hidden_proto(semanage_begin_transaction) 8 | hidden_proto(semanage_handle_destroy) 9 | hidden_proto(semanage_reload_policy) 10 | hidden_proto(semanage_access_check) 11 | hidden_proto(semanage_set_root) 12 | #endif 13 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/libsemanage.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=${prefix} 3 | libdir=${exec_prefix}/@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libsemanage 7 | Description: SELinux management library 8 | Version: @VERSION@ 9 | URL: http://userspace.selinuxproject.org/ 10 | Requires.private: libselinux libsepol 11 | Libs: -L${libdir} -lsemanage 12 | Libs.private: -lbz2 13 | Cflags: -I${includedir} 14 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/include/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCDIR ?= $(PREFIX)/include/selinux 4 | 5 | all: 6 | 7 | install: all 8 | test -d $(INCDIR) || install -m 755 -d $(INCDIR) 9 | install -m 644 $(wildcard selinux/*.h) $(INCDIR) 10 | 11 | relabel: 12 | 13 | indent: 14 | ../../scripts/Lindent $(wildcard selinux/*.h) 15 | 16 | distclean clean: 17 | -rm -f selinux/*~ 18 | 19 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/policyvers.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(int argc __attribute__ ((unused)), char **argv) 7 | { 8 | int rc; 9 | 10 | rc = security_policyvers(); 11 | if (rc < 0) { 12 | fprintf(stderr, "%s: policyvers() failed\n", argv[0]); 13 | exit(2); 14 | } 15 | 16 | printf("%d\n", rc); 17 | exit(0); 18 | } 19 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/src/sepolgen/Makefile: -------------------------------------------------------------------------------- 1 | PYTHON ?= python 2 | PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))") 3 | PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen 4 | 5 | all: 6 | 7 | install: all 8 | -mkdir -p $(PACKAGEDIR) 9 | install -m 644 *.py $(PACKAGEDIR) 10 | 11 | clean: 12 | rm -f parser.out parsetab.py 13 | rm -f *~ *.pyc 14 | rm -rf __pycache__ 15 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts/README: -------------------------------------------------------------------------------- 1 | Simple handling of 2 | UNCLASSIFIED 3 | RESTRICTED 4 | CONFIDENTIAL 5 | SECRET 6 | TOP SECRET 7 | 8 | To use: 9 | cp setrans.conf /etc/selinux/mls/setrans.conf 10 | cp secolor.conf /etc/selinux/mls/ 11 | run_init /etc/init.d/mcstrans restart 12 | 13 | To test: 14 | /usr/share/mcstrans/util/mlstrans-test urcsts.test 15 | /usr/share/mcstrans/util/mlscolor-test urcsts.color 16 | -------------------------------------------------------------------------------- /jni/selinux/python/chcat/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | BINDIR ?= $(PREFIX)/bin 4 | MANDIR ?= $(PREFIX)/share/man 5 | LOCALEDIR ?= $(PREFIX)/share/locale 6 | 7 | .PHONY: all 8 | all: chcat 9 | 10 | install: all 11 | -mkdir -p $(BINDIR) 12 | install -m 755 chcat $(BINDIR) 13 | -mkdir -p $(MANDIR)/man8 14 | install -m 644 chcat.8 $(MANDIR)/man8/ 15 | 16 | clean: 17 | 18 | indent: 19 | 20 | relabel: 21 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/nato/README: -------------------------------------------------------------------------------- 1 | NATO example test setrans.conf 2 | 3 | To use: 4 | mkdir /etc/selinux/mls/mcstrand.d 5 | cp rel.conf /etc/selinux/mls/mcstrand.d 6 | cp eyes-only.conf /etc/selinux/mls/mcstrand.d 7 | cp constraints.conf /etc/selinux/mls/mcstrand.d 8 | cp setrans.conf /etc/selinux/mls/setrans.conf 9 | sudo run_init /etc/init.d/mcstrans restart 10 | 11 | To test: 12 | /usr/share/mcstrans/util/mlstrans-test nato.test 13 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/pipes/pipes.test: -------------------------------------------------------------------------------- 1 | Restricted Handle Via Iron Pipes Only==s2:c102,c200.c511 2 | Restricted Handle Via Copper Pipes Only==s2:c103,c200.c511 3 | Restricted Handle Via Plastic Pipes Only==s2:c101,c200.c511 4 | Restricted Handle Via Galvanized Pipes Only==s2:c104,c200.c511 5 | Restricted Handle Via Plastic,Iron,Copper Pipes Only==s2:c101.c103,c200.c511 6 | Restricted Handle Via Iron,Plastic,Copper Pipes Only=s2:c101.c103,c200.c511 7 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/roles.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_ROLES_H_ 2 | #define _SEPOL_ROLES_H_ 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | extern int sepol_role_exists(const sepol_policydb_t * policydb, 9 | const char *role, int *response); 10 | 11 | extern int sepol_role_list(const sepol_policydb_t * policydb, 12 | char ***roles, unsigned int *nroles); 13 | 14 | #ifdef __cplusplus 15 | } 16 | #endif 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-deps/module.conf: -------------------------------------------------------------------------------- 1 | module my_module 1.0; 2 | 3 | require { 4 | bool secure_mode; 5 | type system_t, sysadm_t, file_t; 6 | attribute domain; 7 | role system_r; 8 | class file {read write}; 9 | 10 | } 11 | 12 | type new_t, domain; 13 | role system_r types new_t; 14 | 15 | allow system_t file_t : file { read write }; 16 | 17 | if (secure_mode) 18 | { 19 | allow sysadm_t file_t : file { read write }; 20 | } 21 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_exec.txt: -------------------------------------------------------------------------------- 1 | This screen shows application types that can transition to a process running with the '%(APP)s' type. 2 | 3 | 4 | In SELinux these are called entrypoints. SELinux controls the executable files that can be used as an entrypoint to an confined domain. If you have an alternate executable that you would like to run in the '%(APP)s' domain, you need to change the executable file type to the entrypoint type. 5 | -------------------------------------------------------------------------------- /jni/selinux/checkpolicy/test/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Makefile for building the dispol program 3 | # 4 | PREFIX ?= $(DESTDIR)/usr 5 | BINDIR ?= $(PREFIX)/bin 6 | LIBDIR ?= $(PREFIX)/lib 7 | INCLUDEDIR ?= $(PREFIX)/include 8 | LIBSEPOLA ?= $(LIBDIR)/libsepol.a 9 | 10 | CFLAGS ?= -g -Wall -W -Werror -O2 -pipe 11 | 12 | all: dispol dismod 13 | 14 | dispol: dispol.o $(LIBSEPOLA) 15 | 16 | dismod: dismod.o $(LIBSEPOLA) 17 | 18 | clean: 19 | -rm -f dispol dismod *.o 20 | -------------------------------------------------------------------------------- /jni/selinux/checkpolicy/checkpolicy.h: -------------------------------------------------------------------------------- 1 | #ifndef _CHECKPOLICY_H_ 2 | #define _CHECKPOLICY_H_ 3 | 4 | #include 5 | 6 | typedef struct te_assert { 7 | ebitmap_t stypes; 8 | ebitmap_t ttypes; 9 | ebitmap_t tclasses; 10 | int self; 11 | sepol_access_vector_t *avp; 12 | unsigned long line; 13 | struct te_assert *next; 14 | } te_assert_t; 15 | 16 | te_assert_t *te_assertions; 17 | 18 | extern unsigned int policyvers; 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts/setrans.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | s0=SystemLow 4 | s15:c0.c1023=SystemHigh 5 | 6 | s1=UNCLASSIFIED 7 | s1=UNCLAS 8 | s1=U 9 | 10 | s3=RESTRICTED 11 | s3=R E S T R I C T E D 12 | s3=R 13 | 14 | s5=CONFIDENTIAL 15 | s5=C O N F I D E N T I A L 16 | s5=C 17 | 18 | s7=SECRET 19 | s7=S E C R E T 20 | s7=S 21 | 22 | s9=TOP SECRET 23 | s9=T O P S E C R E T 24 | s9=T O P S E C R E T 25 | s9=TS 26 | 27 | # UNCLASSIFIED 28 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts/urcsts.test: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | SystemLow=s0 4 | SystemHigh=s15:c0.c1023 5 | 6 | UNCLASSIFIED==s1 7 | UNCLAS=s1 8 | U=s1 9 | 10 | RESTRICTED==s3 11 | R E S T R I C T E D=s3 12 | R=s3 13 | 14 | CONFIDENTIAL==s5 15 | C O N F I D E N T I A L=s5 16 | C=s5 17 | 18 | SECRET==s7 19 | S E C R E T=s7 20 | S=s7 21 | 22 | TOP SECRET==s9 23 | T O P S E C R E T=s9 24 | T O P S E C R E T=s9 25 | TS=s9 26 | 27 | # UNCLASSIFIED 28 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/scripts/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | SBINDIR ?= $(DESTDIR)/sbin 4 | MANDIR ?= $(PREFIX)/share/man 5 | LOCALEDIR ?= $(PREFIX)/share/locale 6 | 7 | .PHONY: all 8 | all: fixfiles 9 | 10 | install: all 11 | -mkdir -p $(SBINDIR) 12 | install -m 755 fixfiles $(SBINDIR) 13 | -mkdir -p $(MANDIR)/man8 14 | install -m 644 fixfiles.8 $(MANDIR)/man8/ 15 | 16 | clean: 17 | 18 | indent: 19 | 20 | relabel: 21 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolgen/tests/run-tests.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | import sys 3 | 4 | sys.path.insert(0, "../src/.") 5 | from test_access import * 6 | from test_audit import * 7 | from test_refpolicy import * 8 | from test_refparser import * 9 | from test_policygen import * 10 | from test_matching import * 11 | from test_interfaces import * 12 | from test_objectmodel import * 13 | from test_module import * 14 | 15 | if __name__ == "__main__": 16 | unittest.main() 17 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/pipes/setrans.conf: -------------------------------------------------------------------------------- 1 | 2 | Domain=PipesTest 3 | 4 | s0=SystemLow 5 | s15:c0.c1023=SystemHigh 6 | s0-s15:c0.c1023=SystemLow-SystemHigh 7 | 8 | Base=Sensitivity Levels 9 | s1=Unclassified 10 | s1=U 11 | s2:c200.c511=Restricted 12 | s2:c200.c511=R 13 | s3:c200.c511=Confidential 14 | s3:c200.c511=C 15 | s4:c200.c511=Secret 16 | s4:c200.c511=S 17 | s5:c200.c511=Top Secret 18 | s5:c200.c511=TS 19 | 20 | Include=/etc/selinux/mls/setrans.d/pipes.conf 21 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/urcsts.test: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | 3 | SystemLow=s0 4 | SystemHigh=s15:c0.c1023 5 | 6 | UNCLASSIFIED==s1 7 | UNCLAS=s1 8 | U=s1 9 | 10 | RESTRICTED==s3 11 | R E S T R I C T E D=s3 12 | R=s3 13 | 14 | CONFIDENTIAL==s5 15 | C O N F I D E N T I A L=s5 16 | C=s5 17 | 18 | SECRET==s7 19 | S E C R E T=s7 20 | S=s7 21 | 22 | TOP SECRET==s9 23 | T O P S E C R E T=s9 24 | T O P S E C R E T=s9 25 | TS=s9 26 | 27 | # UNCLASSIFIED 28 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_policy_type.txt: -------------------------------------------------------------------------------- 1 | If you have more then one policy type installed, the advanced screen will become visible. You can select the advanced tab and modify the policy type that SELinux is running with. 2 | 3 | Policy types are installed as sub-directories of /etc/selinux. 4 | 5 | Changing the policy type of the machine will require a system relabeled in permissive mode. The gui will insure that proper labels get assigned on the next reboot. 6 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 3 | MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 4 | MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 5 | 6 | all: 7 | 8 | install: all 9 | mkdir -p $(MAN3DIR) 10 | mkdir -p $(MAN5DIR) 11 | mkdir -p $(MAN8DIR) 12 | install -m 644 man3/*.3 $(MAN3DIR) 13 | install -m 644 man5/*.5 $(MAN5DIR) 14 | install -m 644 man8/*.8 $(MAN8DIR) 15 | 16 | relabel: 17 | 18 | indent distclean clean: 19 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_export.txt: -------------------------------------------------------------------------------- 1 | SELinux allows you to export/import the current configuration of the machine. 2 | 3 | 4 | If you have several machines configured the same way you may want to modify the SELinux configuration on one machine and then export the configuration to a file. Then you could copy that file to another machine and import it on that machine. 5 | 6 | Note, If you import a configuration to a machine, the local configuration will get removed. 7 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/README: -------------------------------------------------------------------------------- 1 | Simple handling of 2 | UNCLASSIFIED 3 | RESTRICTED 4 | CONFIDENTIAL 5 | SECRET 6 | TOP SECRET 7 | via include files 8 | 9 | To use: 10 | cp -L setrans.conf /etc/selinux/mls/ 11 | cp -L secolor.conf /etc/selinux/mls/ 12 | rm -f /etc/selinux/mls/setrans.d/* 13 | cp setrans.d/* /etc/selinux/mls/setrans.d 14 | run_init /etc/init.d/mcstrans restart 15 | 16 | To test: 17 | /usr/share/mcstrans/util/mlstrans-test urcsts.test 18 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_relabel.txt: -------------------------------------------------------------------------------- 1 | SELinux is a labeling system. Sometimes the labels on disk can get messed up. One way to fix this is to trigger a full relabel on the next boot. 2 | 3 | 4 | You can toggle this behavior using this screen. 5 | 6 | Note: Sometimes a simple restorecon is all you need to fix the labels on a file or directory. 7 | 8 | If you add a new disk which does not have labels you could simply execute 9 | 10 | # restorecon -R -v PATHTODISK 11 | -------------------------------------------------------------------------------- /jni/selinux/secilc/test/minimum.cil: -------------------------------------------------------------------------------- 1 | (class CLASS (PERM)) 2 | (classorder (CLASS)) 3 | (sid SID) 4 | (sidorder (SID)) 5 | (user USER) 6 | (role ROLE) 7 | (type TYPE) 8 | (category CAT) 9 | (categoryorder (CAT)) 10 | (sensitivity SENS) 11 | (sensitivityorder (SENS)) 12 | (sensitivitycategory SENS (CAT)) 13 | (allow TYPE self (CLASS (PERM))) 14 | (roletype ROLE TYPE) 15 | (userrole USER ROLE) 16 | (userlevel USER (SENS)) 17 | (userrange USER ((SENS)(SENS (CAT)))) 18 | (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/context_internal.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "dso.h" 3 | 4 | hidden_proto(context_new) 5 | hidden_proto(context_free) 6 | hidden_proto(context_str) 7 | hidden_proto(context_type_set) 8 | hidden_proto(context_type_get) 9 | hidden_proto(context_role_set) 10 | hidden_proto(context_role_get) 11 | hidden_proto(context_user_set) 12 | hidden_proto(context_user_get) 13 | hidden_proto(context_range_set) 14 | hidden_proto(context_range_get) 15 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man8/getenforce.8: -------------------------------------------------------------------------------- 1 | .TH "getenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | getenforce \- get the current mode of SELinux 4 | . 5 | .SH "SYNOPSIS" 6 | .B getenforce 7 | . 8 | .SH "DESCRIPTION" 9 | .B getenforce 10 | reports whether SELinux is enforcing, permissive, or disabled. 11 | . 12 | .SH AUTHOR 13 | Dan Walsh, 14 | . 15 | .SH "SEE ALSO" 16 | .BR selinux (8), 17 | .BR setenforce (8), 18 | .BR selinuxenabled (8) 19 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_policyvers.3: -------------------------------------------------------------------------------- 1 | .TH "security_policyvers" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" 2 | .SH "NAME" 3 | security_policyvers \- get the version of the SELinux policy 4 | .SH "SYNOPSIS" 5 | .B #include 6 | .sp 7 | .B int security_policyvers(); 8 | . 9 | .SH "DESCRIPTION" 10 | .BR security_policyvers () 11 | returns the version of the policy (a positive integer) on success, or \-1 on 12 | error. 13 | . 14 | .SH "SEE ALSO" 15 | .BR selinux "(8)" 16 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/booleans.txt: -------------------------------------------------------------------------------- 1 | You are viewing the booleans page for the application domain. 2 | 3 | 4 | SELinux Policy writers have written booleans, if-than-else rules, into the policy. This allows the administrator to change the way SELinux enforces policy on an application. The administrator can tighten or loosen the SELinux policy based on his needs. 5 | 6 | You can use the 'Filter Text Entry' to search for appropriate booleans. The Show Modified Only toggle, will show the booleans that your system has customized. 7 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from_boolean.txt: -------------------------------------------------------------------------------- 1 | Transitions can be controlled by SELinux Booleans. 2 | 3 | 4 | SELinux Booleans are If-then-else rules in policy, that allow the administrator to modify the access control on a process type. 5 | 6 | Transition rules are either always allowed or can be turned on and off based on the boolean settings. If the 'Boolean Enabled' column has an arrow on it, this indicates the transition is controlled by a boolean. 7 | 8 | Go to the next screen to see the effect of clicking on the arrow. 9 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/.gitignore: -------------------------------------------------------------------------------- 1 | avcstat 2 | compute_av 3 | compute_create 4 | compute_member 5 | compute_relabel 6 | compute_user 7 | getconlist 8 | getdefaultcon 9 | getenforce 10 | getfilecon 11 | getpidcon 12 | getsebool 13 | getseuser 14 | matchpathcon 15 | policyvers 16 | sefcontext_compile 17 | selabel_digest 18 | selabel_lookup 19 | selabel_lookup_best_match 20 | selabel_partial_match 21 | selinux_check_securetty_context 22 | selinuxenabled 23 | selinuxexeccon 24 | setenforce 25 | setfilecon 26 | togglesebool 27 | selinux_check_access 28 | -------------------------------------------------------------------------------- /jni/selinux/scripts/Lindent: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | PARAM="-npro -kr -i8 -ts8 -sob -l80 -ss -ncs -cp1" 3 | RES=`indent --version` 4 | V1=`echo $RES | cut -d' ' -f3 | cut -d'.' -f1` 5 | V2=`echo $RES | cut -d' ' -f3 | cut -d'.' -f2` 6 | V3=`echo $RES | cut -d' ' -f3 | cut -d'.' -f3` 7 | if [ $V1 -gt 2 ]; then 8 | PARAM="$PARAM -il0" 9 | elif [ $V1 -eq 2 ]; then 10 | if [ $V2 -gt 2 ]; then 11 | PARAM="$PARAM -il0"; 12 | elif [ $V2 -eq 2 ]; then 13 | if [ $V3 -ge 10 ]; then 14 | PARAM="$PARAM -il0" 15 | fi 16 | fi 17 | fi 18 | indent $PARAM "$@" 19 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/boolean_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_BOOLEAN_INTERNAL_H_ 2 | #define _SEPOL_BOOLEAN_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_bool_key_create) 9 | hidden_proto(sepol_bool_key_unpack) 10 | hidden_proto(sepol_bool_get_name) 11 | hidden_proto(sepol_bool_set_name) 12 | hidden_proto(sepol_bool_get_value) 13 | hidden_proto(sepol_bool_set_value) 14 | hidden_proto(sepol_bool_create) 15 | hidden_proto(sepol_bool_free) 16 | #endif 17 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/start.txt: -------------------------------------------------------------------------------- 1 | You must 'Select' the initial screen to view for SELinux Configuration. 2 | 3 | 4 | This application allows you to browse SELinux confinement per application. You can enter the name of the application to see how SELinux confines it, or you could enter the SELinux name for the running process. 5 | 6 | Alternatively you can select to manage SELinux on the system, lockdown the system via SELinux. You can also manage confined users and confined user mappings. Finally you could setup File System Labeling equivalence. 7 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/Makefile: -------------------------------------------------------------------------------- 1 | DISABLE_CIL ?= n 2 | 3 | export DISABLE_CIL 4 | 5 | all: 6 | $(MAKE) -C src 7 | $(MAKE) -C utils 8 | 9 | install: 10 | $(MAKE) -C include install 11 | $(MAKE) -C src install 12 | $(MAKE) -C utils install 13 | $(MAKE) -C man install 14 | 15 | relabel: 16 | $(MAKE) -C src relabel 17 | 18 | clean: 19 | $(MAKE) -C src clean 20 | $(MAKE) -C utils clean 21 | $(MAKE) -C tests clean 22 | 23 | indent: 24 | $(MAKE) -C src $@ 25 | $(MAKE) -C include $@ 26 | $(MAKE) -C utils $@ 27 | 28 | test: 29 | $(MAKE) -C tests test 30 | 31 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/utils/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | BINDIR ?= $(PREFIX)/bin 4 | 5 | CFLAGS ?= -Wall -Werror 6 | override CFLAGS += -I../include 7 | override LDFLAGS += -L../src 8 | override LDLIBS += -lsepol 9 | 10 | TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) 11 | 12 | all: $(TARGETS) 13 | 14 | install: all 15 | -mkdir -p $(BINDIR) 16 | install -m 755 $(TARGETS) $(BINDIR) 17 | 18 | clean: 19 | -rm -f $(TARGETS) *.o 20 | 21 | indent: 22 | ../../scripts/Lindent $(wildcard *.[ch]) 23 | 24 | relabel: 25 | 26 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/TODO: -------------------------------------------------------------------------------- 1 | TODO List for mcstrans: 2 | 3 | In compute_raw_from_trans look for conflicting bit patterns and report errors. 4 | 5 | In emit_whitespace look at whitespace characters for any regex special character and escape them. 6 | 7 | Make prefixes and suffixes optional (ex. SECRET REL AUS == SECRET AUS). 8 | 9 | compute_trans_from_raw is an expensive operation that needs to be sped up or threaded so that mcstrans can respond to other requests more quickly. 10 | 11 | Reevaluate the means of determining whether inverse bits are used in a domain. 12 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/setfilecon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(int argc, char **argv) 7 | { 8 | int rc, i; 9 | 10 | if (argc < 3) { 11 | fprintf(stderr, "usage: %s context path...\n", argv[0]); 12 | exit(1); 13 | } 14 | 15 | for (i = 2; i < argc; i++) { 16 | rc = setfilecon(argv[i], argv[1]); 17 | if (rc < 0) { 18 | fprintf(stderr, "%s: setfilecon(%s,%s) failed\n", 19 | argv[0], argv[i], argv[1]); 20 | exit(2); 21 | } 22 | } 23 | exit(0); 24 | } 25 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/system_boot_mode.txt: -------------------------------------------------------------------------------- 1 | SELinux Systems can boot in three different modes. 2 | 3 | 4 | * Enforcing mode (Default) 5 | - SELinux security policy is enforced. 6 | * Permissive 7 | - SELinux prints warnings instead of enforcing. 8 | * Disabled 9 | - No SELinux policy is loaded, SELinux does not run. 10 | 11 | You can use this screen to change the enforcing mode. 12 | 13 | Note if you disable SELinux, you will need to to reboot, to turn it off. Also the next time you turn SELinux on, a full system relabel will be performed. 14 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/login_default.txt: -------------------------------------------------------------------------------- 1 | The Login Mapping Screen has a special Login user called __default__. This record is used to setup the default login user for any login account that is not specified separately. 2 | 3 | 4 | If this is a desktop system you might want to specify the user_u or xguest_u user. If this is a terminal server the guest_u user might be a good match. 5 | 6 | Then you would need to add the admin users or a Linux group with a different label. Perhaps as unconfined_u or staff_u. 7 | 8 | You could use %%wheel to indicate the wheel group. 9 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/exception.sh: -------------------------------------------------------------------------------- 1 | function except() { 2 | echo " 3 | %exception $1 { 4 | \$action 5 | if (result < 0) { 6 | PyErr_SetFromErrno(PyExc_OSError); 7 | SWIG_fail; 8 | } 9 | } 10 | " 11 | } 12 | if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h 13 | then 14 | # clang does not support -aux-info so fall back to gcc 15 | gcc -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h 16 | fi 17 | for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done 18 | rm -f -- temp.aux -.o 19 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/handle.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_INTERNAL_HANDLE_H_ 2 | #define _SEPOL_INTERNAL_HANDLE_H_ 3 | 4 | #include 5 | 6 | struct sepol_handle { 7 | /* Error handling */ 8 | int msg_level; 9 | const char *msg_channel; 10 | const char *msg_fname; 11 | #ifdef __GNUC__ 12 | __attribute__ ((format(printf, 3, 4))) 13 | #endif 14 | void (*msg_callback) (void *varg, 15 | sepol_handle_t * handle, const char *fmt, ...); 16 | void *msg_callback_arg; 17 | 18 | int disable_dontaudit; 19 | int expand_consume_base; 20 | int preserve_tunables; 21 | }; 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/include/setrans.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Multi-Level Security translation table for SELinux 3 | # 4 | # Uncomment the following to disable translation libary 5 | # disable=1 6 | # 7 | # Objects can be labeled with one of 16 levels and be categorized with 0-1023 8 | # categories defined by the admin. 9 | # Objects can be in more than one category at a time. 10 | # Users can modify this table to translate the MLS labels for different purpose. 11 | # 12 | 13 | # Demonstrate Include by moving everthing to an include file 14 | # 15 | Include=/etc/selinux/mls/setrans.d/include-example 16 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/setrans.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Multi-Level Security translation table for SELinux 3 | # 4 | # Uncomment the following to disable translation libary 5 | # disable=1 6 | # 7 | # Objects can be labeled with one of 16 levels and be categorized with 0-1023 8 | # categories defined by the admin. 9 | # Objects can be in more than one category at a time. 10 | # Users can modify this table to translate the MLS labels for different purpose. 11 | # 12 | 13 | # Demonstrate Include by moving everthing to an include file 14 | # 15 | Include=/etc/selinux/mls/setrans.d/*.conf 16 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts/secolor.conf: -------------------------------------------------------------------------------- 1 | 2 | color black = #000000 3 | color green = #008000 4 | color yellow = #ffff00 5 | color blue = #0000ff 6 | color white = #ffffff 7 | color red = #ff0000 8 | color orange = #ffa500 9 | color tan = #D2B48C 10 | 11 | user * = black black 12 | role * = black black 13 | type * = black black 14 | range s0-s0:c0.c1023 = black green 15 | range s1-s1:c0.c1023 = black green 16 | range s3-s3:c0.c1023 = black tan 17 | range s5-s5:c0.c1023 = white blue 18 | range s7-s7:c0.c1023 = black red 19 | range s9-s9:c0.c1023 = black orange 20 | range s15:c0.c1023 = black yellow 21 | 22 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/getfilecon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(int argc, char **argv) 7 | { 8 | char *buf; 9 | int rc, i; 10 | 11 | if (argc < 2) { 12 | fprintf(stderr, "usage: %s path...\n", argv[0]); 13 | exit(1); 14 | } 15 | 16 | for (i = 1; i < argc; i++) { 17 | rc = getfilecon(argv[i], &buf); 18 | if (rc < 0) { 19 | fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0], 20 | argv[i]); 21 | exit(2); 22 | } 23 | printf("%s\t%s\n", argv[i], buf); 24 | freecon(buf); 25 | } 26 | exit(0); 27 | } 28 | -------------------------------------------------------------------------------- /jni/include/resetprop.h: -------------------------------------------------------------------------------- 1 | /* resetprop.h - API for resetprop 2 | */ 3 | 4 | #ifndef _RESETPROP_H_ 5 | #define _RESETPROP_H_ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | int prop_exist(const char *name); 12 | int setprop(const char *name, const char *value); 13 | int setprop2(const char *name, const char *value, const int trigger); 14 | char *getprop(const char *name); 15 | int deleteprop(const char *name, const int trigger); 16 | int read_prop_file(const char* filename, const int trigger); 17 | void getprop_all(void (*cbk)(const char *name)); 18 | 19 | #ifdef __cplusplus 20 | } 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /jni/selinux/dbus/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | 3 | clean: 4 | 5 | install: 6 | -mkdir -p $(DESTDIR)/etc/dbus-1/system.d/ 7 | install -m 644 org.selinux.conf $(DESTDIR)/etc/dbus-1/system.d/ 8 | -mkdir -p $(DESTDIR)/usr/share/dbus-1/system-services 9 | install -m 644 org.selinux.service $(DESTDIR)/usr/share/dbus-1/system-services 10 | -mkdir -p $(DESTDIR)/usr/share/polkit-1/actions/ 11 | install -m 644 org.selinux.policy $(DESTDIR)/usr/share/polkit-1/actions/ 12 | -mkdir -p $(DESTDIR)/usr/share/system-config-selinux 13 | install -m 755 selinux_server.py $(DESTDIR)/usr/share/system-config-selinux 14 | 15 | relabel: 16 | 17 | test: 18 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/urcsts-via-include/secolor.conf: -------------------------------------------------------------------------------- 1 | 2 | color black = #000000 3 | color green = #008000 4 | color yellow = #ffff00 5 | color blue = #0000ff 6 | color white = #ffffff 7 | color red = #ff0000 8 | color orange = #ffa500 9 | color tan = #D2B48C 10 | 11 | user * = black black 12 | role * = black black 13 | type * = black black 14 | range s0-s0:c0.c1023 = black green 15 | range s1-s1:c0.c1023 = black green 16 | range s3-s3:c0.c1023 = black tan 17 | range s5-s5:c0.c1023 = white blue 18 | range s7-s7:c0.c1023 = black red 19 | range s9-s9:c0.c1023 = black orange 20 | range s15:c0.c1023 = black yellow 21 | 22 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_apps.txt: -------------------------------------------------------------------------------- 1 | This screen shows application types that are defined for process running with the '%(APP)s' type. 2 | 3 | 4 | The description should give you a decent description for what the application is allowed to do with the type. If your application type is being denied access to a particular file, you might want to change the label of that file. 5 | 6 | It is recommended that you use one of the types defined on this page. 7 | 8 | Note if the label of the content that is being denied is owned by another domain, you might have to write policy or use 'audit2allow -M mypol' to allow access. 9 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Author: Thomas Liu 4 | # Author: Dan Walsh 5 | from distutils.core import setup 6 | 7 | setup( 8 | name="sepolicy", 9 | version="1.1", 10 | description="Python SELinux Policy Analyses bindings", 11 | author="Daniel Walsh", 12 | author_email="dwalsh@redhat.com", 13 | packages=[ 14 | "sepolicy", 15 | "sepolicy.templates", 16 | "sepolicy.help" 17 | ], 18 | package_data={ 19 | 'sepolicy': ['*.glade'], 20 | 'sepolicy.help': ['*.txt', '*.png'] 21 | } 22 | ) 23 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_check_securetty_context.3: -------------------------------------------------------------------------------- 1 | .TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SELinux API documentation" 2 | .SH "NAME" 3 | selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int selinux_check_securetty_context(char *" tty_context ); 9 | . 10 | .SH "DESCRIPTION" 11 | .BR selinux_check_securetty_context () 12 | returns 0 if tty_context is a securetty context, 13 | returns < 0 otherwise. 14 | . 15 | .SH "SEE ALSO" 16 | .BR selinux "(8)" 17 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man8/selinuxenabled.8: -------------------------------------------------------------------------------- 1 | .TH "selinuxenabled" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled 4 | . 5 | .SH "SYNOPSIS" 6 | .B selinuxenabled 7 | . 8 | .SH "DESCRIPTION" 9 | Indicates whether SELinux is enabled or disabled. 10 | . 11 | .SH "EXIT STATUS" 12 | It exits with status 0 if SELinux is enabled and 1 if it is not enabled. 13 | . 14 | .SH AUTHOR 15 | Dan Walsh, 16 | . 17 | .SH "SEE ALSO" 18 | .BR selinux (8), 19 | .BR setenforce (8), 20 | .BR getenforce (8) 21 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCDIR ?= $(PREFIX)/include/sepol 4 | CILDIR ?= ../cil 5 | 6 | all: 7 | 8 | install: all 9 | test -d $(INCDIR) || install -m 755 -d $(INCDIR) 10 | test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb 11 | test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil 12 | install -m 644 $(wildcard sepol/*.h) $(INCDIR) 13 | install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb 14 | install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil 15 | 16 | indent: 17 | ../../scripts/Lindent $(wildcard sepol/*.h) 18 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/man/man8/genpolbools.8: -------------------------------------------------------------------------------- 1 | .TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | genpolbools \- Rewrite a binary policy with different boolean settings 4 | .SH "SYNOPSIS" 5 | .B genpolbools oldpolicy booleans newpolicy 6 | 7 | .SH "DESCRIPTION" 8 | .B genpolbools 9 | rewrites an existing binary policy with different boolean settings, 10 | generating a new binary policy. The booleans file specifies the 11 | different boolean settings using name=value lines, where value 12 | can be 0 or false to disable the boolean or 1 or true to enable it. 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/files_write.txt: -------------------------------------------------------------------------------- 1 | This screen shows files types to which a process running with the '%(APP)s' type is allowed to write. 2 | 3 | 4 | The description should give you a decent description for what the application is allowed to do with the type. If your application type is being denied access to a particular file, you might want to change the label of that file. 5 | 6 | It is recommended that you use one of the types defined on this page. 7 | 8 | Note if the label of the content that is being denied is owned by another domain, you might have to write policy or use 'audit2allow -M mypol' 9 | to allow access. 10 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/iface_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_IFACE_INTERNAL_H_ 2 | #define _SEPOL_IFACE_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_iface_create) 9 | hidden_proto(sepol_iface_free) 10 | hidden_proto(sepol_iface_get_ifcon) 11 | hidden_proto(sepol_iface_get_msgcon) 12 | hidden_proto(sepol_iface_get_name) 13 | hidden_proto(sepol_iface_key_create) 14 | hidden_proto(sepol_iface_key_unpack) 15 | hidden_proto(sepol_iface_set_ifcon) 16 | hidden_proto(sepol_iface_set_msgcon) 17 | hidden_proto(sepol_iface_set_name) 18 | #endif 19 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/android_m_compat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * extended permissions compatibility. Make ToT Android kernels compatible 3 | * with Android M releases 4 | */ 5 | #define AVTAB_OPTYPE_ALLOWED 0x1000 6 | #define AVTAB_OPTYPE_AUDITALLOW 0x2000 7 | #define AVTAB_OPTYPE_DONTAUDIT 0x4000 8 | #define AVTAB_OPTYPE (AVTAB_OPTYPE_ALLOWED | \ 9 | AVTAB_OPTYPE_AUDITALLOW | \ 10 | AVTAB_OPTYPE_DONTAUDIT) 11 | #define AVTAB_XPERMS_OPTYPE 4 12 | 13 | #define avtab_xperms_to_optype(x) (x << AVTAB_XPERMS_OPTYPE) 14 | #define avtab_optype_to_xperms(x) (x >> AVTAB_XPERMS_OPTYPE) 15 | 16 | extern unsigned int avtab_android_m_compat; 17 | 18 | void avtab_android_m_compat_set(void); 19 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/ibendport_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_IBENDPORT_INTERNAL_H_ 2 | #define _SEPOL_IBENDPORT_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_ibendport_create) 9 | hidden_proto(sepol_ibendport_free) 10 | hidden_proto(sepol_ibendport_get_con) 11 | hidden_proto(sepol_ibendport_get_port) 12 | hidden_proto(sepol_ibendport_key_create) 13 | hidden_proto(sepol_ibendport_key_unpack) 14 | hidden_proto(sepol_ibendport_set_con) 15 | hidden_proto(sepol_ibendport_set_port) 16 | hidden_proto(sepol_ibendport_get_ibdev_name) 17 | hidden_proto(sepol_ibendport_set_ibdev_name) 18 | #endif 19 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/nato/setrans.conf: -------------------------------------------------------------------------------- 1 | # UNCLASSIFIED 2 | Domain=NATOEXAMPLE 3 | 4 | s0=SystemLow 5 | s15:c0.c1023=SystemHigh 6 | s0-s15:c0.c1023=SystemLow-SystemHigh 7 | 8 | Base=Sensitivity Levels 9 | s1=UNCLASSIFIED 10 | s3:c0,c2,c11,c200.c511=RESTRICTED 11 | s4:c0,c2,c11,c200.c511=CONFIDENTIAL 12 | s5:c0,c2,c11,c200.c511=SECRET 13 | 14 | s1:c1=NATO UNCLASSIFIED 15 | s3:c1,c200.c511=NATO RESTRICTED 16 | s4:c1,c200.c511=NATO CONFIDENTIAL 17 | s5:c1,c200.c511=NATO SECRET 18 | 19 | Include=/etc/selinux/mls/setrans.d/rel.conf 20 | Include=/etc/selinux/mls/setrans.d/eyes-only.conf 21 | Include=/etc/selinux/mls/setrans.d/constraints.conf 22 | 23 | # UNCLASSIFIED 24 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/policydb/link.h: -------------------------------------------------------------------------------- 1 | /* Authors: Jason Tang 2 | * Joshua Brindle 3 | * Karl MacMillan 4 | */ 5 | 6 | #ifndef _SEPOL_POLICYDB_LINK_H 7 | #define _SEPOL_POLICYDB_LINK_H 8 | 9 | #include 10 | #include 11 | #include 12 | 13 | 14 | #include 15 | 16 | #ifdef __cplusplus 17 | extern "C" { 18 | #endif 19 | 20 | extern int link_modules(sepol_handle_t * handle, 21 | policydb_t * b, policydb_t ** mods, int len, 22 | int verbose); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | LIBDIR ?= $(PREFIX)/lib 4 | SBINDIR ?= $(PREFIX)/sbin 5 | LIBSEPOLA ?= $(LIBDIR)/libsepol.a 6 | 7 | CFLAGS ?= -Wall 8 | override CFLAGS += -I../src -D_GNU_SOURCE 9 | override LDLIBS += -lselinux -lpcre 10 | 11 | TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) 12 | 13 | all: $(TARGETS) 14 | 15 | $(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) 16 | 17 | install: all 18 | -mkdir -p $(SBINDIR) 19 | install -m 755 $(TARGETS) $(SBINDIR) 20 | 21 | test: 22 | ./mlstrans-test-runner.py ../test/*.test 23 | 24 | clean: 25 | rm -f $(TARGETS) *.o *~ \#* 26 | 27 | relabel: 28 | 29 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/exception.sh: -------------------------------------------------------------------------------- 1 | function except() { 2 | case $1 in 3 | selinux_file_context_cmp) # ignore 4 | ;; 5 | *) 6 | echo " 7 | %exception $1 { 8 | \$action 9 | if (result < 0) { 10 | PyErr_SetFromErrno(PyExc_OSError); 11 | SWIG_fail; 12 | } 13 | } 14 | " 15 | ;; 16 | esac 17 | } 18 | if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h 19 | then 20 | # clang does not support -aux-info so fall back to gcc 21 | gcc -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h 22 | fi 23 | for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except $i ; done 24 | rm -f -- temp.aux -.o 25 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/getpidcon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(int argc, char **argv) 7 | { 8 | pid_t pid; 9 | char *buf; 10 | int rc; 11 | 12 | if (argc != 2) { 13 | fprintf(stderr, "usage: %s pid\n", argv[0]); 14 | exit(1); 15 | } 16 | 17 | if (sscanf(argv[1], "%d", &pid) != 1) { 18 | fprintf(stderr, "%s: invalid pid %s\n", argv[0], argv[1]); 19 | exit(2); 20 | } 21 | 22 | rc = getpidcon(pid, &buf); 23 | if (rc < 0) { 24 | fprintf(stderr, "%s: getpidcon() failed\n", argv[0]); 25 | exit(3); 26 | } 27 | 28 | printf("%s\n", buf); 29 | freecon(buf); 30 | exit(0); 31 | } 32 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_to.txt: -------------------------------------------------------------------------------- 1 | This screen shows the SELinux process 'types' which will transition to the '%(APP)s' type when executing the 'Commands File Paths'. 2 | 3 | 4 | Under SELinux, when a process running with a 'type' attempts to execute an executable, one of three things can happen. 5 | 6 | 1. The process can be prevented from running the executable. 7 | 2. The executable executes with the same label as parent. 8 | 3. The executable 'transitions' to a new 'type' based on policy. 9 | 10 | This screen shows the executables that transition to another domain when '%(APP)s' executes them, and the 'SELinux Application Type' of the newly created process. 11 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/transition_from.txt: -------------------------------------------------------------------------------- 1 | This screen shows when a process running with the '%(APP)s' type executes 'Commands File Paths' that they will transition to the specified types. 2 | 3 | 4 | Under SELinux, when a process running with a 'type' attempts to execute an executable, one of three things can happen. 5 | 6 | 1. The process can be prevented from running the executable. 7 | 2. The executable executes with the same label as parent. 8 | 3. The executable 'transitions' to a new 'type' based on policy. 9 | 10 | This screen shows the executables that transition to another domain when '%(APP)s' executes them, and the 'SELinux Application Type' of the newly created process. 11 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | $(MAKE) -C src all 3 | 4 | swigify: 5 | $(MAKE) -C src swigify 6 | 7 | pywrap: 8 | $(MAKE) -C src pywrap 9 | 10 | rubywrap: 11 | $(MAKE) -C src rubywrap 12 | 13 | install: 14 | $(MAKE) -C include install 15 | $(MAKE) -C src install 16 | $(MAKE) -C man install 17 | $(MAKE) -C utils install 18 | 19 | install-pywrap: 20 | $(MAKE) -C src install-pywrap 21 | 22 | install-rubywrap: 23 | $(MAKE) -C src install-rubywrap 24 | 25 | relabel: 26 | $(MAKE) -C src relabel 27 | 28 | clean distclean: 29 | $(MAKE) -C src $@ 30 | $(MAKE) -C tests $@ 31 | 32 | indent: 33 | $(MAKE) -C src $@ 34 | $(MAKE) -C include $@ 35 | 36 | test: all 37 | $(MAKE) -C tests test 38 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/untranscon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "mcstrans.h" 9 | 10 | static __attribute__((__noreturn__)) void usage(const char *progname) 11 | { 12 | fprintf(stderr, "usage: %s context\n", progname); 13 | exit(1); 14 | } 15 | int main(int argc, char **argv) { 16 | security_context_t scon; 17 | if ( argc != 2 ) usage(argv[0]); 18 | if (init_translations()==0) { 19 | if(untrans_context(argv[1],&scon) == 0) { 20 | printf("%s\n", scon); 21 | freecon(scon); 22 | return 0; 23 | } 24 | } 25 | return -1; 26 | } 27 | 28 | 29 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/port_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_PORT_INTERNAL_H_ 2 | #define _SEPOL_PORT_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_port_create) 9 | hidden_proto(sepol_port_free) 10 | hidden_proto(sepol_port_get_con) 11 | hidden_proto(sepol_port_get_high) 12 | hidden_proto(sepol_port_get_low) 13 | hidden_proto(sepol_port_get_proto) 14 | hidden_proto(sepol_port_get_proto_str) 15 | hidden_proto(sepol_port_key_create) 16 | hidden_proto(sepol_port_key_unpack) 17 | hidden_proto(sepol_port_set_con) 18 | hidden_proto(sepol_port_set_proto) 19 | hidden_proto(sepol_port_set_range) 20 | #endif 21 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/semodule_link/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | BINDIR ?= $(PREFIX)/bin 5 | MANDIR ?= $(PREFIX)/share/man 6 | LIBDIR ?= $(PREFIX)/lib 7 | 8 | CFLAGS ?= -Werror -Wall -W 9 | override LDLIBS += -lsepol 10 | 11 | all: semodule_link 12 | 13 | semodule_link: semodule_link.o 14 | 15 | install: all 16 | -mkdir -p $(BINDIR) 17 | install -m 755 semodule_link $(BINDIR) 18 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 19 | install -m 644 semodule_link.8 $(MANDIR)/man8/ 20 | 21 | relabel: 22 | 23 | clean: 24 | -rm -f semodule_link *.o 25 | 26 | indent: 27 | ../../scripts/Lindent $(wildcard *.[ch]) 28 | 29 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/getenforce.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int main(int argc __attribute__ ((unused)), 7 | char **argv __attribute__ ((unused))) 8 | { 9 | int rc; 10 | 11 | rc = is_selinux_enabled(); 12 | if (rc < 0) { 13 | fputs("getenforce: is_selinux_enabled() failed", stderr); 14 | return 2; 15 | } 16 | if (rc == 1) { 17 | rc = security_getenforce(); 18 | if (rc < 0) { 19 | fputs("getenforce: getenforce() failed", stderr); 20 | return 2; 21 | } 22 | 23 | if (rc) 24 | puts("Enforcing"); 25 | else 26 | puts("Permissive"); 27 | } else { 28 | puts("Disabled"); 29 | } 30 | 31 | return 0; 32 | } 33 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/context_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_CONTEXT_INTERNAL_H_ 2 | #define _SEPOL_CONTEXT_INTERNAL_H_ 3 | 4 | #include 5 | #include "dso.h" 6 | 7 | hidden_proto(sepol_context_clone) 8 | hidden_proto(sepol_context_create) 9 | hidden_proto(sepol_context_free) 10 | hidden_proto(sepol_context_from_string) 11 | hidden_proto(sepol_context_get_mls) 12 | hidden_proto(sepol_context_get_role) 13 | hidden_proto(sepol_context_get_type) 14 | hidden_proto(sepol_context_get_user) 15 | hidden_proto(sepol_context_set_mls) 16 | hidden_proto(sepol_context_set_role) 17 | hidden_proto(sepol_context_set_type) 18 | hidden_proto(sepol_context_set_user) 19 | #endif 20 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/user_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_USER_INTERNAL_H_ 2 | #define _SEPOL_USER_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_user_add_role) 9 | hidden_proto(sepol_user_create) 10 | hidden_proto(sepol_user_free) 11 | hidden_proto(sepol_user_get_mlslevel) 12 | hidden_proto(sepol_user_get_mlsrange) 13 | hidden_proto(sepol_user_get_roles) 14 | hidden_proto(sepol_user_has_role) 15 | hidden_proto(sepol_user_key_create) 16 | hidden_proto(sepol_user_key_unpack) 17 | hidden_proto(sepol_user_set_mlslevel) 18 | hidden_proto(sepol_user_set_mlsrange) 19 | hidden_proto(sepol_user_set_name) 20 | #endif 21 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/test-expander/base-base-only.conf: -------------------------------------------------------------------------------- 1 | class security 2 | class file 3 | 4 | sid kernel 5 | 6 | common file 7 | { 8 | read 9 | } 10 | 11 | class file 12 | inherits file 13 | { 14 | entrypoint 15 | } 16 | 17 | class security 18 | { 19 | compute_av 20 | } 21 | 22 | ifdef(`enable_mls',` 23 | sensitivity s0; 24 | 25 | dominance { s0 } 26 | 27 | category c0; 28 | 29 | level s0:c0; 30 | 31 | mlsconstrain file { read } 32 | ( h1 dom h2 ); 33 | ') 34 | 35 | attribute myattr; 36 | type mytype_t; 37 | role myrole_r; 38 | role myrole_r types mytype_t; 39 | bool mybool true; 40 | gen_user(myuser_u,, myrole_r, s0, s0 - s0:c0) 41 | 42 | sid kernel gen_context(myuser_u:myrole_r:mytype_t, s0) 43 | 44 | 45 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/semodule_expand/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | BINDIR ?= $(PREFIX)/bin 5 | LIBDIR ?= $(PREFIX)/lib 6 | MANDIR ?= $(PREFIX)/share/man 7 | 8 | CFLAGS ?= -Werror -Wall -W 9 | override LDLIBS += -lsepol 10 | 11 | all: semodule_expand 12 | 13 | semodule_expand: semodule_expand.o 14 | 15 | install: all 16 | -mkdir -p $(BINDIR) 17 | install -m 755 semodule_expand $(BINDIR) 18 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 19 | install -m 644 semodule_expand.8 $(MANDIR)/man8/ 20 | 21 | relabel: 22 | 23 | clean: 24 | -rm -f semodule_expand *.o 25 | 26 | indent: 27 | ../../scripts/Lindent $(wildcard *.[ch]) 28 | 29 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/utils/transcon.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "mcstrans.h" 9 | 10 | static __attribute__((__noreturn__)) void usage(const char *progname) 11 | { 12 | fprintf(stderr, "usage: %s context\n", progname); 13 | exit(1); 14 | } 15 | 16 | int main(int argc, char **argv) { 17 | security_context_t scon; 18 | if ( argc != 2 ) usage(argv[0]); 19 | if (init_translations()==0) { 20 | if(trans_context(argv[1],&scon) == 0) { 21 | printf("%s\n", scon); 22 | freecon(scon); 23 | return 0; 24 | } 25 | } 26 | printf("Failed\n"); 27 | return -1; 28 | } 29 | 30 | 31 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/semodule_deps/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | BINDIR ?= $(PREFIX)/bin 5 | LIBDIR ?= $(PREFIX)/lib 6 | MANDIR ?= $(PREFIX)/share/man 7 | LIBSEPOLA ?= $(LIBDIR)/libsepol.a 8 | 9 | CFLAGS ?= -Werror -Wall -W 10 | 11 | all: semodule_deps 12 | 13 | semodule_deps: semodule_deps.o $(LIBSEPOLA) 14 | 15 | install: all 16 | -mkdir -p $(BINDIR) 17 | install -m 755 semodule_deps $(BINDIR) 18 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 19 | install -m 644 semodule_deps.8 $(MANDIR)/man8/ 20 | 21 | relabel: 22 | 23 | clean: 24 | -rm -f semodule_deps *.o 25 | 26 | indent: 27 | ../../scripts/Lindent $(wildcard *.[ch]) 28 | 29 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man8/togglesebool.8: -------------------------------------------------------------------------------- 1 | .TH "togglesebool" "8" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | togglesebool \- flip the current value of a SELinux boolean 4 | . 5 | .SH "SYNOPSIS" 6 | .B togglesebool 7 | .I boolean... 8 | . 9 | .SH "DESCRIPTION" 10 | .B togglesebool 11 | flips the current value of a list of booleans. If the value is currently a 1, 12 | then it will be changed to a 0 and vice versa. Only the "in memory" values are 13 | changed; the boot-time settings are unaffected. 14 | . 15 | .SH AUTHOR 16 | This man page was written by Steve Grubb 17 | . 18 | .SH "SEE ALSO" 19 | .BR selinux (8), 20 | .BR booleans (8), 21 | .BR getsebool (8), 22 | .BR setsebool (8) 23 | -------------------------------------------------------------------------------- /jni/external/selinux/get_default_type.h: -------------------------------------------------------------------------------- 1 | /* get_default_type.h - contains header information and function prototypes 2 | * for functions to get the default type for a role 3 | */ 4 | 5 | #ifndef _SELINUX_GET_DEFAULT_TYPE_H_ 6 | #define _SELINUX_GET_DEFAULT_TYPE_H_ 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | /* Return path to default type file. */ 13 | const char *selinux_default_type_path(void); 14 | 15 | /* Get the default type (domain) for 'role' and set 'type' to refer to it. 16 | Caller must free via free(). 17 | Return 0 on success or -1 otherwise. */ 18 | int get_default_type(const char *role, char **type); 19 | 20 | #ifdef __cplusplus 21 | } 22 | #endif 23 | #endif /* ifndef _GET_DEFAULT_TYPE_H_ */ 24 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/dso.h: -------------------------------------------------------------------------------- 1 | #ifndef _SELINUX_DSO_H 2 | #define _SELINUX_DSO_H 1 3 | 4 | #ifdef SHARED 5 | # define hidden __attribute__ ((visibility ("hidden"))) 6 | # define hidden_proto(fct) __hidden_proto (fct, fct##_internal) 7 | # define __hidden_proto(fct, internal) \ 8 | extern __typeof (fct) internal; \ 9 | extern __typeof (fct) fct __asm (#internal) hidden; 10 | # if defined(__alpha__) || defined(__mips__) 11 | # define hidden_def(fct) \ 12 | asm (".globl " #fct "\n" #fct " = " #fct "_internal"); 13 | # else 14 | # define hidden_def(fct) \ 15 | asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); 16 | #endif 17 | #else 18 | # define hidden 19 | # define hidden_proto(fct) 20 | # define hidden_def(fct) 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy-gui.8: -------------------------------------------------------------------------------- 1 | .TH "sepolicy-gui" "8" "20121005" "" "" 2 | .SH "NAME" 3 | sepolicy-gui \- Graphical User Interface for SELinux policy. 4 | 5 | .SH "SYNOPSIS" 6 | 7 | Common options 8 | 9 | .B sepolicy gui [\-h ] [ \-d DOMAIN ] 10 | 11 | .br 12 | 13 | .SH "DESCRIPTION" 14 | Use \fBsepolicy gui\fP to run a the graphical user interface, which 15 | allows you to explore how SELinux confines different process domains. 16 | 17 | .SH "OPTIONS" 18 | .TP 19 | .I \-h, \-\-help 20 | Display help message 21 | .TP 22 | .I \-d, \-\-domain 23 | Initialize gui to the selected domain. 24 | 25 | .SH "AUTHOR" 26 | This man page was written by Daniel Walsh 27 | 28 | .SH "SEE ALSO" 29 | sepolicy(8), selinux(8) 30 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/include/selinux/get_default_type.h: -------------------------------------------------------------------------------- 1 | /* get_default_type.h - contains header information and function prototypes 2 | * for functions to get the default type for a role 3 | */ 4 | 5 | #ifndef _SELINUX_GET_DEFAULT_TYPE_H_ 6 | #define _SELINUX_GET_DEFAULT_TYPE_H_ 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | /* Return path to default type file. */ 13 | const char *selinux_default_type_path(void); 14 | 15 | /* Get the default type (domain) for 'role' and set 'type' to refer to it. 16 | Caller must free via free(). 17 | Return 0 on success or -1 otherwise. */ 18 | int get_default_type(const char *role, char **type); 19 | 20 | #ifdef __cplusplus 21 | } 22 | #endif 23 | #endif /* ifndef _GET_DEFAULT_TYPE_H_ */ 24 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/src/dso.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEMANAGE_DSO_H 2 | #define _SEMANAGE_DSO_H 1 3 | 4 | #ifdef SHARED 5 | # define hidden __attribute__ ((visibility ("hidden"))) 6 | # define hidden_proto(fct) __hidden_proto (fct, fct##_internal) 7 | # define __hidden_proto(fct, internal) \ 8 | extern __typeof (fct) internal; \ 9 | extern __typeof (fct) fct __asm (#internal) hidden; 10 | # if defined(__alpha__) || defined(__mips__) 11 | # define hidden_def(fct) \ 12 | asm (".globl " #fct "\n" #fct " = " #fct "_internal"); 13 | # else 14 | # define hidden_def(fct) \ 15 | asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); 16 | #endif 17 | #else 18 | # define hidden 19 | # define hidden_proto(fct) 20 | # define hidden_def(fct) 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/hll/pp/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | MANDIR = $(PREFIX)/share/man 5 | LIBDIR ?= $(PREFIX)/lib 6 | LIBEXECDIR ?= $(PREFIX)/libexec 7 | HLLDIR ?= $(LIBEXECDIR)/selinux/hll 8 | 9 | CFLAGS ?= -Werror -Wall -W 10 | override LDLIBS += -lsepol 11 | 12 | PP_SRCS = $(sort $(wildcard *.c)) 13 | PP_OBJS = $(patsubst %.c,%.o,$(PP_SRCS)) 14 | 15 | all: pp 16 | 17 | pp: $(PP_OBJS) 18 | $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) 19 | 20 | %.o: %.c 21 | $(CC) $(CFLAGS) -c -o $@ $^ 22 | 23 | install: all 24 | -mkdir -p $(HLLDIR) 25 | install -m 755 pp $(HLLDIR) 26 | 27 | relabel: 28 | 29 | clean: 30 | -rm -f pp $(PP_OBJS) 31 | 32 | indent: 33 | ../../scripts/Lindent $(wildcard *.[ch]) 34 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/security_check_context.3: -------------------------------------------------------------------------------- 1 | .TH "security_check_context" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" 2 | .SH "NAME" 3 | security_check_context \- check the validity of a SELinux context 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int security_check_context(char *" con ); 9 | .sp 10 | .BI "int security_check_context_raw(char *" con ); 11 | . 12 | .SH "DESCRIPTION" 13 | .BR security_check_context () 14 | returns 0 if SELinux is running and the context is valid, otherwise it 15 | returns \-1. 16 | 17 | .BR security_check_context_raw () 18 | behaves identically to 19 | .BR \%security_check_context () 20 | but does not perform context translation. 21 | . 22 | .SH "SEE ALSO" 23 | .BR selinux "(8)" 24 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/tests/policies/support/misc_macros.spt: -------------------------------------------------------------------------------- 1 | 2 | ######################################## 3 | # 4 | # Helper macros 5 | # 6 | 7 | ######################################## 8 | # 9 | # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories]) 10 | # 11 | define(`gen_user',`dnl 12 | ifdef(`users_extra',`dnl 13 | ifelse(`$2',,,`user $1 prefix $2;') 14 | ',`dnl 15 | user $1 roles { $3 }`'ifdef(`enable_mls', ` level $4 range $5')`'ifdef(`enable_mcs',` level s0 range s0`'ifelse(`$6',,,` - s0:$6')'); 16 | ')dnl 17 | ') 18 | 19 | ######################################## 20 | # 21 | # gen_context(context,mls_sensitivity,[mcs_categories]) 22 | # 23 | define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl 24 | -------------------------------------------------------------------------------- /jni/selinux/libsemanage/tests/Makefile: -------------------------------------------------------------------------------- 1 | PREFIX ?= $(DESTDIR)/usr 2 | LIBDIR ?= $(PREFIX)/lib 3 | 4 | # Add your test source files here: 5 | SOURCES = $(sort $(wildcard *.c)) 6 | 7 | ########################################################################### 8 | 9 | EXECUTABLE = libsemanage-tests 10 | CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter 11 | override CFLAGS += -I../src -I../include 12 | override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol 13 | 14 | OBJECTS = $(SOURCES:.c=.o) 15 | 16 | all: $(EXECUTABLE) 17 | 18 | $(EXECUTABLE): $(OBJECTS) ../src/libsemanage.a 19 | $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) 20 | 21 | clean distclean: 22 | rm -rf $(OBJECTS) $(EXECUTABLE) 23 | 24 | test: all 25 | ./$(EXECUTABLE) 26 | 27 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/ibpkey_internal.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_IBPKEY_INTERNAL_H_ 2 | #define _SEPOL_IBPKEY_INTERNAL_H_ 3 | 4 | #include 5 | #include 6 | #include "dso.h" 7 | 8 | hidden_proto(sepol_ibpkey_create) 9 | hidden_proto(sepol_ibpkey_free) 10 | hidden_proto(sepol_ibpkey_get_con) 11 | hidden_proto(sepol_ibpkey_get_high) 12 | hidden_proto(sepol_ibpkey_get_low) 13 | hidden_proto(sepol_ibpkey_key_create) 14 | hidden_proto(sepol_ibpkey_key_unpack) 15 | hidden_proto(sepol_ibpkey_set_con) 16 | hidden_proto(sepol_ibpkey_set_range) 17 | hidden_proto(sepol_ibpkey_get_subnet_prefix) 18 | hidden_proto(sepol_ibpkey_get_subnet_prefix_bytes) 19 | hidden_proto(sepol_ibpkey_set_subnet_prefix) 20 | hidden_proto(sepol_ibpkey_set_subnet_prefix_bytes) 21 | #endif 22 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man8/setenforce.8: -------------------------------------------------------------------------------- 1 | .TH "setenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | setenforce \- modify the mode SELinux is running in 4 | . 5 | .SH "SYNOPSIS" 6 | .B setenforce 7 | .RB [ Enforcing | Permissive | 1 | 0 ] 8 | . 9 | .SH "DESCRIPTION" 10 | Use 11 | .B Enforcing 12 | or 13 | .B 1 14 | to put SELinux in enforcing mode. 15 | .br 16 | Use 17 | .B Permissive 18 | or 19 | .B 0 20 | to put SELinux in permissive mode. 21 | 22 | If SELinux is disabled and you want to enable it, or SELinux is enabled and you want to disable it, please see 23 | .BR selinux (8). 24 | . 25 | .SH AUTHOR 26 | Dan Walsh, 27 | . 28 | .SH "SEE ALSO" 29 | .BR selinux (8), 30 | .BR getenforce (8), 31 | .BR selinuxenabled (8) 32 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/selinux_netlink.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Netlink event notifications for SELinux. 3 | * 4 | * Author: James Morris 5 | */ 6 | #ifndef _LINUX_SELINUX_NETLINK_H 7 | #define _LINUX_SELINUX_NETLINK_H 8 | 9 | /* Message types. */ 10 | #define SELNL_MSG_BASE 0x10 11 | enum { 12 | SELNL_MSG_SETENFORCE = SELNL_MSG_BASE, 13 | SELNL_MSG_POLICYLOAD, 14 | SELNL_MSG_MAX 15 | }; 16 | 17 | /* Multicast groups */ 18 | #define SELNL_GRP_NONE 0x00000000 19 | #define SELNL_GRP_AVC 0x00000001 /* AVC notifications */ 20 | #define SELNL_GRP_ALL 0xffffffff 21 | 22 | /* Message structures */ 23 | struct selnl_msg_setenforce { 24 | int32_t val; 25 | }; 26 | 27 | struct selnl_msg_policyload { 28 | uint32_t seqno; 29 | }; 30 | 31 | #endif /* _LINUX_SELINUX_NETLINK_H */ 32 | -------------------------------------------------------------------------------- /jni/selinux/dbus/org.selinux.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 15 | 16 | 17 | 18 | 19 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_getpolicytype.3: -------------------------------------------------------------------------------- 1 | .TH "selinux_getpolicytype" "3" "24 Sep 2008" "dwalsh@redhat.com" "SELinux API documentation" 2 | .SH "NAME" 3 | selinux_getpolicytype \- get the type of SELinux policy running on the system 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int selinux_getpolicytype(char **" policytype ); 9 | . 10 | .SH "DESCRIPTION" 11 | .BR selinux_getpolicytype () 12 | Reads the contents of the 13 | .I /etc/selinux/config 14 | file to determine the SELinux policy used on the system, and sets 15 | .I \%policytype 16 | accordingly. Free 17 | .I \%policytype 18 | with 19 | .BR free (3). 20 | . 21 | .SH "RETURN VALUE" 22 | On success, zero is returned. 23 | On failure, \-1 is returned. 24 | . 25 | .SH "SEE ALSO" 26 | .BR selinux "(8)" 27 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_lsetfilecon_default.3: -------------------------------------------------------------------------------- 1 | .TH "selinux_lsetfilecon_default" "3" "21 November 2009" "sds@tycho.nsa.gov" "SELinux API documentation" 2 | .SH "NAME" 3 | selinux_lsetfilecon_default \- set the file context to the system defaults 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int selinux_lsetfilecon_default(const char *" path ");" 9 | . 10 | .SH "DESCRIPTION" 11 | .BR selinux_lsetfilecon_default () 12 | sets the file context to the system defaults. 13 | . 14 | .SH "RETURN VALUE" 15 | Returns zero on success or \-1 otherwise. 16 | . 17 | .SH "SEE ALSO" 18 | .ad l 19 | .nh 20 | .BR selinux "(8), " selinux_file_context_cmp "(3), " selinux_file_context_verify "(3), " matchpathcon "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" 21 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown_permissive.txt: -------------------------------------------------------------------------------- 1 | Disable Permissive Processes 2 | 3 | 4 | Disabling the 'permissivedomains' module allows you to remove all permissive domains shipped with the distribution. 5 | 6 | When the distribution policy writers write a new confined domain, they initially ship the policy for that domain in permissive mode. Permissive mode means that a process running in the domain will not be confined by SELinux. The kernel will log the AVC messages, access denials, that would have happened had the process been run in enforcing mode. 7 | 8 | Permissive domain policies are experimental and will be turned to enforcing in future Operation System Releases. 9 | 10 | Note if you disable the permissive domains module, you may see an increase in the denials in your log files. 11 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/disable.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "selinux_internal.h" 8 | #include "policy.h" 9 | #include 10 | #include 11 | 12 | int security_disable(void) 13 | { 14 | int fd, ret; 15 | char path[PATH_MAX]; 16 | char buf[20]; 17 | 18 | if (!selinux_mnt) { 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | 23 | snprintf(path, sizeof path, "%s/disable", selinux_mnt); 24 | fd = open(path, O_WRONLY | O_CLOEXEC); 25 | if (fd < 0) 26 | return -1; 27 | 28 | buf[0] = '1'; 29 | buf[1] = '\0'; 30 | ret = write(fd, buf, strlen(buf)); 31 | close(fd); 32 | if (ret < 0) 33 | return -1; 34 | 35 | return 0; 36 | } 37 | 38 | hidden_def(security_disable) 39 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/setenforce.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "selinux_internal.h" 8 | #include "policy.h" 9 | #include 10 | #include 11 | 12 | int security_setenforce(int value) 13 | { 14 | int fd, ret; 15 | char path[PATH_MAX]; 16 | char buf[20]; 17 | 18 | if (!selinux_mnt) { 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | 23 | snprintf(path, sizeof path, "%s/enforce", selinux_mnt); 24 | fd = open(path, O_RDWR | O_CLOEXEC); 25 | if (fd < 0) 26 | return -1; 27 | 28 | snprintf(buf, sizeof buf, "%d", value); 29 | ret = write(fd, buf, strlen(buf)); 30 | close(fd); 31 | if (ret < 0) 32 | return -1; 33 | 34 | return 0; 35 | } 36 | 37 | hidden_def(security_setenforce) 38 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/templates/__init__.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2007-2012 Red Hat 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | # 18 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man8/selinuxexeccon.8: -------------------------------------------------------------------------------- 1 | .TH "selinuxexeccon" "8" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation" 2 | .SH "NAME" 3 | selinuxexeccon \- report SELinux context used for this executable 4 | . 5 | .SH "SYNOPSIS" 6 | .B selinuxexeccon 7 | .I command 8 | .RI [ fromcon ] 9 | . 10 | .SH "DESCRIPTION" 11 | .B selinuxexeccon 12 | reports the SELinux process context for the specified command from the specified context or the current context. 13 | . 14 | .SH EXAMPLE 15 | .nf 16 | # selinuxexeccon /usr/bin/passwd 17 | staff_u:staff_r:passwd_t:s0-s0:c0.c1023 18 | 19 | # selinuxexeccon /usr/sbin/sendmail system_u:system_r:httpd_t:s0 20 | system_u:system_r:system_mail_t:s0 21 | .fi 22 | . 23 | .SH AUTHOR 24 | This manual page was written by Dan Walsh . 25 | . 26 | .SH "SEE ALSO" 27 | .BR secon (8) 28 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/cil/test/integration_testing/ordered_lists_easy.cil: -------------------------------------------------------------------------------- 1 | ; Minimum policy 2 | ; **************************** 3 | 4 | (class foo (read)) 5 | 6 | (type bar) 7 | (allow bar self (foo (read))) 8 | 9 | ; **************************** 10 | 11 | (sensitivity s0) 12 | (sensitivity s1) 13 | (sensitivity s2) 14 | (sensitivity s3) 15 | (sensitivity s4) 16 | (sensitivity s5) 17 | (sensitivity s6) 18 | (sensitivity s7) 19 | (sensitivity s8) 20 | (sensitivity s9) 21 | (dominance (s0 s1 s2 s3 s4 s5 s6 s7 s8 s9)) 22 | 23 | (category c0) 24 | (category c1) 25 | (category c2) 26 | (category c3) 27 | (category c4) 28 | (category c5) 29 | (category c6) 30 | (category c7) 31 | (category c8) 32 | (category c9) 33 | 34 | (categoryorder (c2 c3 c4 c5)) 35 | (categoryorder (c0 c1 c2 c3)) 36 | (categoryorder (c5 c6 c7)) 37 | (categoryorder (c7 c8 c9)) 38 | 39 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/policydb/polcaps.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_POLICYDB_POLCAPS_H_ 2 | #define _SEPOL_POLICYDB_POLCAPS_H_ 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | /* Policy capabilities */ 9 | enum { 10 | POLICYDB_CAPABILITY_NETPEER, 11 | POLICYDB_CAPABILITY_OPENPERM, 12 | POLICYDB_CAPABILITY_EXTSOCKCLASS, 13 | POLICYDB_CAPABILITY_ALWAYSNETWORK, 14 | POLICYDB_CAPABILITY_CGROUPSECLABEL, 15 | __POLICYDB_CAPABILITY_MAX 16 | }; 17 | #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) 18 | 19 | /* Convert a capability name to number. */ 20 | extern int sepol_polcap_getnum(const char *name); 21 | 22 | /* Convert a capability number to name. */ 23 | extern const char *sepol_polcap_getname(unsigned int capnum); 24 | 25 | #ifdef __cplusplus 26 | } 27 | #endif 28 | 29 | #endif /* _SEPOL_POLICYDB_POLCAPS_H_ */ 30 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/load_policy/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | SBINDIR ?= $(DESTDIR)/sbin 4 | MANDIR ?= $(PREFIX)/share/man 5 | LOCALEDIR ?= /usr/share/locale 6 | 7 | CFLAGS ?= -Werror -Wall -W 8 | override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" 9 | override LDLIBS += -lsepol -lselinux 10 | 11 | TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) 12 | 13 | all: $(TARGETS) 14 | 15 | install: all 16 | -mkdir -p $(SBINDIR) 17 | install -m 755 $(TARGETS) $(SBINDIR) 18 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 19 | install -m 644 load_policy.8 $(MANDIR)/man8/ 20 | 21 | clean: 22 | -rm -f $(TARGETS) *.o 23 | 24 | indent: 25 | ../../scripts/Lindent $(wildcard *.[ch]) 26 | 27 | relabel: 28 | /sbin/restorecon $(SBINDIR)/load_policy 29 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/src/dso.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_DSO_H 2 | #define _SEPOL_DSO_H 1 3 | 4 | #if !defined(SHARED) || defined(ANDROID) 5 | #define DISABLE_SYMVER 1 6 | #endif 7 | 8 | #ifdef SHARED 9 | # define hidden __attribute__ ((visibility ("hidden"))) 10 | # define hidden_proto(fct) __hidden_proto (fct, fct##_internal) 11 | # define __hidden_proto(fct, internal) \ 12 | extern __typeof (fct) internal; \ 13 | extern __typeof (fct) fct __asm (#internal) hidden; 14 | # if defined(__alpha__) || defined(__mips__) 15 | # define hidden_def(fct) \ 16 | asm (".globl " #fct "\n" #fct " = " #fct "_internal"); 17 | # else 18 | # define hidden_def(fct) \ 19 | asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); 20 | #endif 21 | #else 22 | # define hidden 23 | # define hidden_proto(fct) 24 | # define hidden_def(fct) 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/compute_create.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int main(int argc, char **argv) 9 | { 10 | char *buf; 11 | security_class_t tclass; 12 | int ret; 13 | 14 | if (argc != 4) { 15 | fprintf(stderr, "usage: %s scontext tcontext tclass\n", 16 | argv[0]); 17 | exit(1); 18 | } 19 | 20 | tclass = string_to_security_class(argv[3]); 21 | if (!tclass) { 22 | fprintf(stderr, "Invalid class '%s'\n", argv[3]); 23 | exit(2); 24 | } 25 | 26 | ret = security_compute_create(argv[1], argv[2], tclass, &buf); 27 | if (ret < 0) { 28 | fprintf(stderr, "%s: security_compute_create failed\n", 29 | argv[0]); 30 | exit(3); 31 | } 32 | 33 | printf("%s\n", buf); 34 | freecon(buf); 35 | exit(0); 36 | } 37 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/compute_member.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int main(int argc, char **argv) 9 | { 10 | char *buf; 11 | security_class_t tclass; 12 | int ret; 13 | 14 | if (argc != 4) { 15 | fprintf(stderr, "usage: %s scontext tcontext tclass\n", 16 | argv[0]); 17 | exit(1); 18 | } 19 | 20 | tclass = string_to_security_class(argv[3]); 21 | if (!tclass) { 22 | fprintf(stderr, "Invalid class '%s'\n", argv[3]); 23 | exit(2); 24 | } 25 | 26 | ret = security_compute_member(argv[1], argv[2], tclass, &buf); 27 | if (ret < 0) { 28 | fprintf(stderr, "%s: security_compute_member failed\n", 29 | argv[0]); 30 | exit(3); 31 | } 32 | 33 | printf("%s\n", buf); 34 | freecon(buf); 35 | exit(0); 36 | } 37 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy-booleans.8: -------------------------------------------------------------------------------- 1 | .TH "sepolicy-booleans" "8" "20121112" "" "" 2 | .SH "NAME" 3 | sepolicy-booleans \- Query SELinux Policy to see description of booleans 4 | 5 | .SH "SYNOPSIS" 6 | 7 | .br 8 | .B sepolicy booleans [\-h] [ \-a | \-b booleanname ... ] 9 | 10 | .SH "DESCRIPTION" 11 | sepolicy booleans will show all booleans and their descriptions, or you can 12 | choose individual booleans to display 13 | 14 | .SH "OPTIONS" 15 | .TP 16 | .I \-h, \-\-help 17 | Display help message 18 | .TP 19 | .I \-a, \-\-all 20 | Display all boolean descriptions 21 | .TP 22 | .I \-b, \-\-boolean 23 | boolean to get description 24 | 25 | .SH "AUTHOR" 26 | This man page was written by Daniel Walsh 27 | 28 | .SH "SEE ALSO" 29 | sepolicy(8), selinux(8), getsebool(8), setsebool(8) 30 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/semodule_package/semodule_unpackage.8: -------------------------------------------------------------------------------- 1 | .TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA 2 | .SH NAME 3 | semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage. 4 | 5 | .SH SYNOPSIS 6 | .B semodule_unpackage [] 7 | .br 8 | .SH DESCRIPTION 9 | .PP 10 | semodule_unpackage is the tool used to extract the SELinux policy module 11 | and file context file from an SELinux Policy Package. 12 | 13 | .SH EXAMPLE 14 | .nf 15 | # Extract the httpd module file from httpd policy package. 16 | $ semodule_unpackage httpd.pp httpd.mod httpd.fc 17 | .fi 18 | 19 | .SH SEE ALSO 20 | .B semodule_package(8) 21 | .SH AUTHORS 22 | .nf 23 | This manual page was written by Dan Walsh . 24 | The program was written by Stephen Smalley 25 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/compute_user.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | int main(int argc, char **argv) 12 | { 13 | char **buf, **ptr; 14 | int ret; 15 | 16 | if (argc != 3) { 17 | fprintf(stderr, "usage: %s context user\n", argv[0]); 18 | exit(1); 19 | } 20 | 21 | ret = security_compute_user(argv[1], argv[2], &buf); 22 | if (ret < 0) { 23 | fprintf(stderr, "%s: security_compute_user(%s,%s) failed\n", 24 | argv[0], argv[1], argv[2]); 25 | exit(2); 26 | } 27 | 28 | if (!buf[0]) { 29 | printf("none\n"); 30 | exit(0); 31 | } 32 | 33 | for (ptr = buf; *ptr; ptr++) { 34 | printf("%s\n", *ptr); 35 | } 36 | freeconary(buf); 37 | exit(0); 38 | } 39 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/selinux_check_securetty_context.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | static __attribute__ ((__noreturn__)) void usage(const char *progname) 13 | { 14 | fprintf(stderr, "usage: %s tty_context...\n", progname); 15 | exit(1); 16 | } 17 | 18 | int main(int argc, char **argv) 19 | { 20 | int i; 21 | if (argc < 2) 22 | usage(argv[0]); 23 | 24 | for (i = 1; i < argc; i++) { 25 | switch (selinux_check_securetty_context(argv[i])) { 26 | case 0: 27 | printf("%s securetty.\n", argv[i]); 28 | break; 29 | default: 30 | printf("%s not securetty.\n", argv[i]); 31 | break; 32 | } 33 | } 34 | return 0; 35 | } 36 | -------------------------------------------------------------------------------- /jni/selinux/scripts/make-update: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ $# != 2 ]; then 4 | echo "Usage: $0 last-release-date package-to-update" 5 | echo " e.g. $0 20131030 sepolgen" 6 | exit 1 7 | fi 8 | 9 | TAG=$1 10 | PKG=$2 11 | 12 | DEST=../update-$TAG 13 | mkdir -p $DEST 14 | 15 | if [ \! -d $PKG ]; then 16 | echo "$PKG does not exist." 17 | exit 1 18 | fi 19 | 20 | cd $PKG 21 | VERS=`cat VERSION` 22 | ARCHIVE=$PKG-$VERS.tar.gz 23 | git tag $PKG-$VERS 24 | git archive --format=tar --prefix=$PKG-$VERS/ $PKG-$VERS | gzip > ../$DEST/$ARCHIVE 25 | cd .. 26 | 27 | cd $DEST 28 | 29 | echo "Copy $ARCHIVE from $DEST to the server and update its download link and checksum on the Releases wiki page:" 30 | 31 | echo "" 32 | 33 | echo "[http://userspace.selinuxproject.org/releases/$TAG/$ARCHIVE $ARCHIVE]" 34 | echo "" 35 | echo "`sha256sum $ARCHIVE`" 36 | echo "" 37 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/utils/compute_relabel.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int main(int argc, char **argv) 9 | { 10 | char *buf; 11 | security_class_t tclass; 12 | int ret; 13 | 14 | if (argc != 4) { 15 | fprintf(stderr, "usage: %s scontext tcontext tclass\n", 16 | argv[0]); 17 | exit(1); 18 | } 19 | 20 | tclass = string_to_security_class(argv[3]); 21 | if (!tclass) { 22 | fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]); 23 | exit(2); 24 | } 25 | 26 | ret = security_compute_relabel(argv[1], argv[2], tclass, &buf); 27 | if (ret < 0) { 28 | fprintf(stderr, "%s: security_compute_relabel failed\n", 29 | argv[0]); 30 | exit(3); 31 | } 32 | 33 | printf("%s\n", buf); 34 | freecon(buf); 35 | exit(0); 36 | } 37 | -------------------------------------------------------------------------------- /jni/selinux/semodule-utils/semodule_package/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | BINDIR ?= $(PREFIX)/bin 5 | LIBDIR ?= $(PREFIX)/lib 6 | MANDIR ?= $(PREFIX)/share/man 7 | 8 | CFLAGS ?= -Werror -Wall -W 9 | override LDLIBS += -lsepol 10 | 11 | all: semodule_package semodule_unpackage 12 | 13 | semodule_package: semodule_package.o 14 | 15 | install: all 16 | -mkdir -p $(BINDIR) 17 | install -m 755 semodule_package $(BINDIR) 18 | install -m 755 semodule_unpackage $(BINDIR) 19 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 20 | install -m 644 semodule_package.8 $(MANDIR)/man8/ 21 | install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ 22 | 23 | relabel: 24 | 25 | clean: 26 | -rm -f semodule_package semodule_unpackage *.o 27 | 28 | indent: 29 | ../../scripts/Lindent $(wildcard *.[ch]) 30 | 31 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/is_selinux_enabled.3: -------------------------------------------------------------------------------- 1 | .TH "is_selinux_enabled" "3" "7 Mar 2010" "russell@coker.com.au" "SELinux API documentation" 2 | .SH "NAME" 3 | is_selinux_enabled \- check whether SELinux is enabled 4 | . 5 | .SH "NAME" 6 | is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Security) MLS 7 | . 8 | .SH "SYNOPSIS" 9 | .B #include 10 | .sp 11 | .B int is_selinux_enabled(); 12 | .sp 13 | .B int is_selinux_mls_enabled(); 14 | . 15 | .SH "DESCRIPTION" 16 | .BR is_selinux_enabled () 17 | returns 1 if SELinux is running or 0 if it is not. 18 | On error, \-1 is returned. 19 | 20 | .BR is_selinux_mls_enabled () 21 | returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To 22 | determine the policy in use on the system, use 23 | .BR selinux_getpolicytype (3). 24 | . 25 | .SH "SEE ALSO" 26 | .BR selinux "(8)" 27 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/sestatus/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | SBINDIR ?= $(PREFIX)/sbin 4 | MANDIR = $(PREFIX)/share/man 5 | ETCDIR ?= $(DESTDIR)/etc 6 | LIBDIR ?= $(PREFIX)/lib 7 | 8 | CFLAGS ?= -Werror -Wall -W 9 | override CFLAGS += -D_FILE_OFFSET_BITS=64 10 | override LDLIBS += -lselinux 11 | 12 | all: sestatus 13 | 14 | sestatus: sestatus.o 15 | 16 | install: all 17 | [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 18 | [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 19 | -mkdir -p $(SBINDIR) 20 | install -m 755 sestatus $(SBINDIR) 21 | install -m 644 sestatus.8 $(MANDIR)/man8 22 | install -m 644 sestatus.conf.5 $(MANDIR)/man5 23 | -mkdir -p $(ETCDIR) 24 | install -m 644 sestatus.conf $(ETCDIR) 25 | 26 | clean: 27 | rm -f sestatus *.o 28 | 29 | indent: 30 | ../../scripts/Lindent $(wildcard *.[ch]) 31 | 32 | relabel: 33 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/cil/src/dso.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_DSO_H 2 | #define _SEPOL_DSO_H 1 3 | 4 | #if !defined(SHARED) || defined(ANDROID) || defined(__APPLE__) 5 | #define DISABLE_SYMVER 1 6 | #endif 7 | 8 | #ifdef SHARED 9 | # define hidden __attribute__ ((visibility ("hidden"))) 10 | # define hidden_proto(fct) __hidden_proto (fct, fct##_internal) 11 | # define __hidden_proto(fct, internal) \ 12 | extern __typeof (fct) internal; \ 13 | extern __typeof (fct) fct __asm (#internal) hidden; 14 | # if defined(__alpha__) || defined(__mips__) 15 | # define hidden_def(fct) \ 16 | asm (".globl " #fct "\n" #fct " = " #fct "_internal"); 17 | # else 18 | # define hidden_def(fct) \ 19 | asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); 20 | #endif 21 | #else 22 | # define hidden 23 | # define hidden_proto(fct) 24 | # define hidden_def(fct) 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/init_selinuxmnt.3: -------------------------------------------------------------------------------- 1 | .TH "init_selinuxmnt" "3" "21 Nov 2009" "" "SELinux API documentation" 2 | .SH "NAME" 3 | init_selinuxmnt \- initialize the global variable selinux_mnt 4 | . 5 | .SH "SYNOPSIS" 6 | .BI "static void init_selinuxmnt(void);" 7 | .sp 8 | .BI "static void fini_selinuxmnt(void);" 9 | .sp 10 | .BI "void set_selinuxmnt(char *" mnt ");" 11 | . 12 | .SH "DESCRIPTION" 13 | .BR init_selinuxmnt () 14 | initializes the global variable 15 | .I selinux_mnt 16 | to the selinuxfs mountpoint. 17 | 18 | .BR fini_selinuxmnt () 19 | deinitializes the global variable 20 | .I selinux_mnt 21 | that stores the selinuxfs mountpoint. 22 | 23 | .BR set_selinuxmnt () 24 | changes the selinuxfs mountpoint to 25 | .IR mnt . 26 | . 27 | .SH "AUTHOR" 28 | This manual page has been written by Guido Trentalancia 29 | . 30 | .SH "SEE ALSO" 31 | .BR selinux (8), 32 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/callbacks.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file describes the callbacks passed to selinux_init() and available 3 | * for use from the library code. They all have default implementations. 4 | */ 5 | #ifndef _SELINUX_CALLBACKS_H_ 6 | #define _SELINUX_CALLBACKS_H_ 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include "dso.h" 13 | 14 | /* callback pointers */ 15 | extern int __attribute__ ((format(printf, 2, 3))) 16 | (*selinux_log) (int type, const char *, ...) hidden; 17 | 18 | extern int 19 | (*selinux_audit) (void *, security_class_t, char *, size_t) hidden; 20 | 21 | extern int 22 | (*selinux_validate)(char **ctx) hidden; 23 | 24 | extern int 25 | (*selinux_netlink_setenforce) (int enforcing) hidden; 26 | 27 | extern int 28 | (*selinux_netlink_policyload) (int seqno) hidden; 29 | 30 | #endif /* _SELINUX_CALLBACKS_H_ */ 31 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/getenforce.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "selinux_internal.h" 8 | #include "policy.h" 9 | #include 10 | #include 11 | 12 | int security_getenforce(void) 13 | { 14 | int fd, ret, enforce = 0; 15 | char path[PATH_MAX]; 16 | char buf[20]; 17 | 18 | if (!selinux_mnt) { 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | 23 | snprintf(path, sizeof path, "%s/enforce", selinux_mnt); 24 | fd = open(path, O_RDONLY | O_CLOEXEC); 25 | if (fd < 0) 26 | return -1; 27 | 28 | memset(buf, 0, sizeof buf); 29 | ret = read(fd, buf, sizeof buf - 1); 30 | close(fd); 31 | if (ret < 0) 32 | return -1; 33 | 34 | if (sscanf(buf, "%d", &enforce) != 1) 35 | return -1; 36 | 37 | return !!enforce; 38 | } 39 | 40 | hidden_def(security_getenforce) 41 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/login.txt: -------------------------------------------------------------------------------- 1 | By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user. 2 | 3 | 4 | But SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This Login Mapping Screen allows you to map a Linux login user to an SELinux User. 5 | 6 | Default SELinux Users: 7 | 8 | * Terminal user/ssh - guest_u 9 | - No Network, No setuid, no exec in homedir 10 | 11 | * Browser user/kiosk - xguest_u 12 | - Web access ports only. No setuid, no exec in homedir 13 | 14 | * Full Desktop user - User_u 15 | - Full Network, No SETUID. 16 | 17 | * Confined Admin/Desktop User - Staff_u 18 | - Full Network, sudo to admin only, no root password. Usually a confined admin 19 | 20 | * Unconfined user - unconfined_u (Default) 21 | - SELinux does not block access. 22 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/policy.h: -------------------------------------------------------------------------------- 1 | #ifndef _POLICY_H_ 2 | #define _POLICY_H_ 3 | 4 | /* Private definitions used internally by libselinux. */ 5 | 6 | /* 7 | * xattr name for SELinux attributes. 8 | * This may have been exported via Kernel uapi header. 9 | */ 10 | #ifndef XATTR_NAME_SELINUX 11 | #define XATTR_NAME_SELINUX "security.selinux" 12 | #endif 13 | 14 | /* Initial length guess for getting contexts. */ 15 | #define INITCONTEXTLEN 255 16 | 17 | /* selinux file system type */ 18 | #define SELINUXFS "selinuxfs" 19 | 20 | /* selinuxfs magic number */ 21 | #define SELINUX_MAGIC 0xf97cff8c 22 | 23 | /* Preferred selinux mount location */ 24 | #define SELINUXMNT "/sys/fs/selinux" 25 | #define OLDSELINUXMNT "/selinux" 26 | 27 | /* selinuxfs mount point */ 28 | extern char *selinux_mnt; 29 | 30 | #define FILECONTEXTS "/etc/security/selinux/file_contexts" 31 | 32 | #define DEFAULT_POLICY_VERSION 15 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/matchmediacon.3: -------------------------------------------------------------------------------- 1 | .TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation" 2 | .SH "NAME" 3 | matchmediacon \- get the default SELinux security context for the specified mediatype from the policy 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int matchmediacon(const char *" media ", char **" con ); 9 | . 10 | .SH "DESCRIPTION" 11 | .BR matchmediacon () 12 | matches the specified media type with the media contexts configuration and 13 | sets the security context 14 | .I con 15 | to refer to the resulting context. 16 | .sp 17 | .B Note: 18 | Caller must free returned security context 19 | .I con 20 | using 21 | .BR freecon (3). 22 | . 23 | .SH "RETURN VALUE" 24 | Returns 0 on success or \-1 otherwise. 25 | . 26 | .SH Files 27 | .I /etc/selinux/{POLICYTYPE}/contexts/files/media 28 | . 29 | .SH "SEE ALSO" 30 | .BR selinux "(8), " freecon "(3) 31 | -------------------------------------------------------------------------------- /jni/selinux/policycoreutils/semodule/Makefile: -------------------------------------------------------------------------------- 1 | # Installation directories. 2 | PREFIX ?= $(DESTDIR)/usr 3 | INCLUDEDIR ?= $(PREFIX)/include 4 | SBINDIR ?= $(PREFIX)/sbin 5 | MANDIR = $(PREFIX)/share/man 6 | LIBDIR ?= $(PREFIX)/lib 7 | 8 | CFLAGS ?= -Werror -Wall -W 9 | override LDLIBS += -lsepol -lselinux -lsemanage 10 | SEMODULE_OBJS = semodule.o 11 | 12 | all: semodule genhomedircon 13 | 14 | semodule: $(SEMODULE_OBJS) 15 | 16 | genhomedircon: 17 | ln -sf semodule genhomedircon 18 | 19 | install: all 20 | -mkdir -p $(SBINDIR) 21 | install -m 755 semodule $(SBINDIR) 22 | (cd $(SBINDIR); ln -sf semodule genhomedircon) 23 | test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 24 | install -m 644 semodule.8 $(MANDIR)/man8/ 25 | install -m 644 genhomedircon.8 $(MANDIR)/man8/ 26 | 27 | relabel: 28 | 29 | clean: 30 | -rm -f semodule *.o genhomedircon 31 | 32 | indent: 33 | ../../scripts/Lindent $(wildcard *.[ch]) 34 | 35 | -------------------------------------------------------------------------------- /jni/selinux/libsepol/include/sepol/context.h: -------------------------------------------------------------------------------- 1 | #ifndef _SEPOL_CONTEXT_H_ 2 | #define _SEPOL_CONTEXT_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | /* -- Deprecated -- */ 13 | 14 | extern int sepol_check_context(const char *context); 15 | 16 | /* -- End deprecated -- */ 17 | 18 | extern int sepol_context_check(sepol_handle_t * handle, 19 | const sepol_policydb_t * policydb, 20 | const sepol_context_t * context); 21 | 22 | extern int sepol_mls_contains(sepol_handle_t * handle, 23 | const sepol_policydb_t * policydb, 24 | const char *mls1, 25 | const char *mls2, int *response); 26 | 27 | extern int sepol_mls_check(sepol_handle_t * handle, 28 | const sepol_policydb_t * policydb, const char *mls); 29 | 30 | #ifdef __cplusplus 31 | } 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/default/default.test: -------------------------------------------------------------------------------- 1 | SystemLow==s0 2 | SystemHigh==s15:c0.c1023 3 | SystemLow-SystemHigh==s0-s15:c0.c1023 4 | 5 | Unclassified==s1 6 | 7 | Secret==s2 8 | A==s2:c0 9 | B==s2:c1 10 | 11 | SystemLow-Unclassified==s0-s1 12 | Unclassified-Secret==s1-s2 13 | Unclassified-SystemHigh==s1-s15:c0.c1023 14 | 15 | SystemLow-Secret==s0-s2 16 | SystemLow-Secret:A==s0-s2:c0 17 | SystemLow-Secret:B==s0-s2:c1 18 | SystemLow-Secret:AB==s0-s2:c0,c1 19 | Unclassified-Secret:A==s1-s2:c0 20 | Unclassified-Secret:B==s1-s2:c1 21 | Unclassified-Secret:AB==s1-s2:c0,c1 22 | Secret-Secret:A==s2-s2:c0 23 | Secret-Secret:B==s2-s2:c1 24 | Secret-Secret:AB==s2-s2:c0,c1 25 | Secret-SystemHigh==s2-s15:c0.c1023 26 | Secret:A-Secret:AB==s2:c0-s2:c0,c1 27 | Secret:A-SystemHigh==s2:c0-s15:c0.c1023 28 | Secret:B-Secret:AB==s2:c1-s2:c0,c1 29 | Secret:B-SystemHigh==s2:c1-s15:c0.c1023 30 | Secret:AB-SystemHigh==s2:c0,c1-s15:c0.c1023 31 | 32 | -------------------------------------------------------------------------------- /jni/selinux/mcstrans/share/examples/include/default.test: -------------------------------------------------------------------------------- 1 | SystemLow==s0 2 | SystemHigh==s15:c0.c1023 3 | SystemLow-SystemHigh==s0-s15:c0.c1023 4 | 5 | Unclassified==s1 6 | 7 | Secret==s2 8 | A==s2:c0 9 | B==s2:c1 10 | 11 | SystemLow-Unclassified==s0-s1 12 | Unclassified-Secret==s1-s2 13 | Unclassified-SystemHigh==s1-s15:c0.c1023 14 | 15 | SystemLow-Secret==s0-s2 16 | SystemLow-Secret:A==s0-s2:c0 17 | SystemLow-Secret:B==s0-s2:c1 18 | SystemLow-Secret:AB==s0-s2:c0,c1 19 | Unclassified-Secret:A==s1-s2:c0 20 | Unclassified-Secret:B==s1-s2:c1 21 | Unclassified-Secret:AB==s1-s2:c0,c1 22 | Secret-Secret:A==s2-s2:c0 23 | Secret-Secret:B==s2-s2:c1 24 | Secret-Secret:AB==s2-s2:c0,c1 25 | Secret-SystemHigh==s2-s15:c0.c1023 26 | Secret:A-Secret:AB==s2:c0-s2:c0,c1 27 | Secret:A-SystemHigh==s2:c0-s15:c0.c1023 28 | Secret:B-Secret:AB==s2:c1-s2:c0,c1 29 | Secret:B-SystemHigh==s2:c1-s15:c0.c1023 30 | Secret:AB-SystemHigh==s2:c0,c1-s15:c0.c1023 31 | 32 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/users.txt: -------------------------------------------------------------------------------- 1 | By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user. 2 | 3 | SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This SELinux User Screen allows you to create/modify SELinux Users and map them to SELinux Roles and MLS/MCS Ranges 4 | 5 | Default SELinux Users: 6 | 7 | * Terminal user/ssh - guest_u 8 | - No Network, No setuid, no exec in homedir 9 | 10 | * Browser user/kiosk - xguest_u 11 | - Web access ports only. No setuid, no exec in homedir 12 | 13 | * Full Desktop user - User_u 14 | - Full Network, No SETUID. 15 | 16 | * Confined Admin/Desktop User - Staff_u 17 | - Full Network, sudo to admin only, no root password. Usually a confined admin 18 | 19 | * Unconfined user - unconfined_u (Default) 20 | - SELinux does not block access. 21 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/deny_unknown.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "selinux_internal.h" 8 | #include "policy.h" 9 | #include 10 | #include 11 | 12 | int security_deny_unknown(void) 13 | { 14 | int fd, ret, deny_unknown = 0; 15 | char path[PATH_MAX]; 16 | char buf[20]; 17 | 18 | if (!selinux_mnt) { 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | 23 | snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); 24 | fd = open(path, O_RDONLY | O_CLOEXEC); 25 | if (fd < 0) 26 | return -1; 27 | 28 | memset(buf, 0, sizeof(buf)); 29 | ret = read(fd, buf, sizeof(buf) - 1); 30 | close(fd); 31 | if (ret < 0) 32 | return -1; 33 | 34 | if (sscanf(buf, "%d", &deny_unknown) != 1) 35 | return -1; 36 | 37 | return deny_unknown; 38 | } 39 | 40 | hidden_def(security_deny_unknown); 41 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/src/checkreqprot.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "selinux_internal.h" 8 | #include "policy.h" 9 | #include 10 | #include 11 | 12 | int security_get_checkreqprot(void) 13 | { 14 | int fd, ret, checkreqprot = 0; 15 | char path[PATH_MAX]; 16 | char buf[20]; 17 | 18 | if (!selinux_mnt) { 19 | errno = ENOENT; 20 | return -1; 21 | } 22 | 23 | snprintf(path, sizeof(path), "%s/checkreqprot", selinux_mnt); 24 | fd = open(path, O_RDONLY | O_CLOEXEC); 25 | if (fd < 0) 26 | return -1; 27 | 28 | memset(buf, 0, sizeof(buf)); 29 | ret = read(fd, buf, sizeof(buf) - 1); 30 | close(fd); 31 | if (ret < 0) 32 | return -1; 33 | 34 | if (sscanf(buf, "%d", &checkreqprot) != 1) 35 | return -1; 36 | 37 | return checkreqprot; 38 | } 39 | 40 | hidden_def(security_get_checkreqprot); 41 | -------------------------------------------------------------------------------- /jni/selinux/python/sepolicy/sepolicy/help/lockdown_unconfined.txt: -------------------------------------------------------------------------------- 1 | Disable Unconfined System Processes 2 | 3 | 4 | By default any system process that is started at boot that do not have SELinux Policy defined for them, run as initrc_t or init_t. These domains are unconfined by SELinux. Other similar processes which do not have SELinux Policy written for them run also unconfined. By disabling the unconfined module moves you closer to what used to be called strict policy, and locks down your machine tighter. 5 | 6 | Disabling the unconfined module will leave certain unconfined domains running on your system, specifically the unconfined_t user. If you do not 7 | want unconfined_t users on your system you would need to remove them from the 'Login Mapping' and Users Screens. 8 | 9 | Note if you disable the unconfined module, you may see an increase in the denials, and if you have processes running as initrc_t, you may need to write policy for them. 10 | -------------------------------------------------------------------------------- /jni/selinux/libselinux/man/man3/selinux_getenforcemode.3: -------------------------------------------------------------------------------- 1 | .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation" 2 | .SH "NAME" 3 | selinux_getenforcemode \- get the enforcing state of SELinux 4 | . 5 | .SH "SYNOPSIS" 6 | .B #include 7 | .sp 8 | .BI "int selinux_getenforcemode(int *" enforce ); 9 | . 10 | .SH "DESCRIPTION" 11 | .BR selinux_getenforcemode () 12 | Reads the contents of the 13 | .I /etc/selinux/config 14 | file to determine how the system was setup to run SELinux. 15 | 16 | Sets the value of 17 | .I enforce 18 | to 1 if SELinux should be run in enforcing mode. 19 | Sets the value of 20 | .I enforce 21 | to 0 if SELinux should be run in permissive mode. 22 | Sets the value of 23 | .I enforce 24 | to \-1 if SELinux should be disabled. 25 | . 26 | .SH "RETURN VALUE" 27 | On success, zero is returned. 28 | On failure, \-1 is returned. 29 | . 30 | .SH "SEE ALSO" 31 | .BR selinux "(8)" 32 | --------------------------------------------------------------------------------