├── .github └── workflows │ └── android.yml ├── .gitignore ├── .gitmodules ├── README.md ├── build.gradle ├── gradle.properties ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── library ├── .gitignore ├── CMakeLists.txt ├── build.gradle ├── cmake │ └── FindPatch.cmake ├── gradle.properties ├── proguard-rules.pro └── src │ └── main │ ├── AndroidManifest.xml │ ├── java │ └── me │ │ └── zhanghai │ │ └── android │ │ └── libselinux │ │ └── SeLinux.java │ └── jni │ ├── init.c.patch │ └── libselinux-jni.c ├── sample ├── .gitignore ├── build.gradle ├── proguard-rules.pro └── src │ └── main │ ├── AndroidManifest.xml │ └── java │ └── me │ └── zhanghai │ └── android │ └── libselinux │ └── sample │ └── MainActivity.java └── settings.gradle /.github/workflows/android.yml: -------------------------------------------------------------------------------- 1 | name: Android CI 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | 8 | runs-on: ubuntu-latest 9 | 10 | steps: 11 | - name: Check out repository 12 | uses: actions/checkout@v3 13 | with: 14 | submodules: true 15 | - name: Set up JDK 17 16 | uses: actions/setup-java@v3 17 | with: 18 | distribution: 'temurin' 19 | java-version: '17' 20 | - name: Build with Gradle 21 | run: ./gradlew assembleDebug lintVitalRelease 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.gradle/ 2 | /.idea/ 3 | /build/ 4 | /captures/ 5 | /local.properties 6 | .DS_Store 7 | *.iml 8 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "library/src/main/jni/external/selinux"] 2 | path = library/src/main/jni/external/selinux 3 | url = https://android.googlesource.com/platform/external/selinux 4 | [submodule "library/src/main/jni/external/pcre"] 5 | path = library/src/main/jni/external/pcre 6 | url = https://android.googlesource.com/platform/external/pcre 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # libselinux-android 2 | 3 | [![Android CI status](https://github.com/zhanghai/libselinux-android/workflows/Android%20CI/badge.svg)](https://github.com/zhanghai/libselinux-android/actions) 4 | 5 | [`libselinux`](https://android.googlesource.com/platform/external/selinux/+/refs/heads/master/libselinux/) built with Android NDK, packaged as an Android library with some Java binding. 6 | 7 | ## Integration 8 | 9 | Gradle: 10 | 11 | ```gradle 12 | implementation 'me.zhanghai.android.libselinux:library:2.1.1' 13 | ``` 14 | 15 | ## Usage 16 | 17 | See [`SeLinux.java`](library/src/main/java/me/zhanghai/android/libselinux/SeLinux.java). 18 | 19 | ## License 20 | 21 | Copyright 2019 Hai Zhang 22 | 23 | Licensed under the Apache License, Version 2.0 (the "License"); 24 | you may not use this file except in compliance with the License. 25 | You may obtain a copy of the License at 26 | 27 | http://www.apache.org/licenses/LICENSE-2.0 28 | 29 | Unless required by applicable law or agreed to in writing, software 30 | distributed under the License is distributed on an "AS IS" BASIS, 31 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 32 | See the License for the specific language governing permissions and 33 | limitations under the License. 34 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | repositories { 3 | google() 4 | mavenCentral() 5 | } 6 | dependencies { 7 | classpath 'com.android.tools.build:gradle:8.10.0' 8 | classpath 'com.vanniktech:gradle-maven-publish-plugin:0.32.0' 9 | } 10 | } 11 | 12 | allprojects { 13 | repositories { 14 | google() 15 | mavenCentral() 16 | } 17 | } 18 | 19 | task clean(type: Delete) { 20 | delete rootProject.buildDir 21 | } 22 | -------------------------------------------------------------------------------- /gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | 3 | # IDE (e.g. Android Studio) users: 4 | # Gradle settings configured through the IDE *will override* 5 | # any settings specified in this file. 6 | 7 | # For more details on how to configure your build environment visit 8 | # http://www.gradle.org/docs/current/userguide/build_environment.html 9 | 10 | # Specifies the JVM arguments used for the daemon process. 11 | # The setting is particularly useful for tweaking memory settings. 12 | org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 13 | 14 | # When configured, Gradle will run in incubating parallel mode. 15 | # This option should only be used with decoupled projects. More details, visit 16 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects 17 | # org.gradle.parallel=true 18 | 19 | # AndroidX package structure to make it clearer which packages are bundled with the 20 | # Android operating system, and which are packaged with your app's APK 21 | # https://developer.android.com/topic/libraries/support-library/androidx-rn 22 | android.useAndroidX=true 23 | 24 | # Kotlin code style for this project: "official" or "obsolete": 25 | kotlin.code.style=official 26 | 27 | SONATYPE_HOST=CENTRAL_PORTAL 28 | RELEASE_SIGNING_ENABLED=true 29 | 30 | GROUP=me.zhanghai.android.libselinux 31 | VERSION_NAME=2.1.1 32 | VERSION_CODE=5 33 | 34 | POM_DESCRIPTION=SELinux runtime library for Android 35 | POM_URL=https://github.com/zhanghai/libselinux-android 36 | POM_INCEPTION_YEAR=2019 37 | POM_LICENCE_NAME=The Apache Software License, Version 2.0 38 | POM_LICENCE_URL=http://www.apache.org/licenses/LICENSE-2.0.txt 39 | POM_LICENCE_DIST=repo 40 | POM_DEVELOPER_ID=zhanghai 41 | POM_DEVELOPER_NAME=Hai Zhang 42 | POM_DEVELOPER_URL=https://github.com/zhanghai 43 | POM_SCM_CONNECTION=scm:git@github.com:zhanghai/libselinux-android.git 44 | POM_SCM_DEV_CONNECTION=scm:git@github.com:zhanghai/libselinux-android.git 45 | POM_SCM_URL=https://github.com/zhanghai/libselinux-android 46 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zhanghai/libselinux-android/7af333b2d05c8b34b67f0bdd8ab9f6bd84fb8d31/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Tue Dec 12 18:11:07 CST 2023 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-all.zip 5 | zipStoreBase=GRADLE_USER_HOME 6 | zipStorePath=wrapper/dists 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /library/.gitignore: -------------------------------------------------------------------------------- 1 | /.cxx/ 2 | /build/ 3 | /out/ 4 | -------------------------------------------------------------------------------- /library/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.22.1) 2 | 3 | project(libselinux-android 4 | LANGUAGES C) 5 | # CMAKE_INTERPROCEDURAL_OPTIMIZATION sets -fuse-ld=gold and -flto=thin. 6 | #set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE) 7 | add_compile_options( 8 | -fdata-sections 9 | -ffunction-sections 10 | -flto) 11 | add_link_options( 12 | LINKER:--gc-sections) 13 | 14 | # https://android.googlesource.com/platform/external/pcre/+/refs/heads/master/Android.bp 15 | add_library(pcre2 STATIC 16 | # libpcre2 17 | src/main/jni/external/pcre/dist2/src/pcre2_auto_possess.c 18 | src/main/jni/external/pcre/dist2/src/pcre2_compile.c 19 | src/main/jni/external/pcre/dist2/src/pcre2_config.c 20 | src/main/jni/external/pcre/dist2/src/pcre2_context.c 21 | src/main/jni/external/pcre/dist2/src/pcre2_convert.c 22 | src/main/jni/external/pcre/dist2/src/pcre2_dfa_match.c 23 | src/main/jni/external/pcre/dist2/src/pcre2_error.c 24 | src/main/jni/external/pcre/dist2/src/pcre2_extuni.c 25 | src/main/jni/external/pcre/dist2/src/pcre2_find_bracket.c 26 | src/main/jni/external/pcre/dist2/src/pcre2_maketables.c 27 | src/main/jni/external/pcre/dist2/src/pcre2_match.c 28 | src/main/jni/external/pcre/dist2/src/pcre2_match_data.c 29 | src/main/jni/external/pcre/dist2/src/pcre2_jit_compile.c 30 | src/main/jni/external/pcre/dist2/src/pcre2_newline.c 31 | src/main/jni/external/pcre/dist2/src/pcre2_ord2utf.c 32 | src/main/jni/external/pcre/dist2/src/pcre2_pattern_info.c 33 | src/main/jni/external/pcre/dist2/src/pcre2_serialize.c 34 | src/main/jni/external/pcre/dist2/src/pcre2_string_utils.c 35 | src/main/jni/external/pcre/dist2/src/pcre2_study.c 36 | src/main/jni/external/pcre/dist2/src/pcre2_substitute.c 37 | src/main/jni/external/pcre/dist2/src/pcre2_substring.c 38 | src/main/jni/external/pcre/dist2/src/pcre2_tables.c 39 | src/main/jni/external/pcre/dist2/src/pcre2_ucd.c 40 | src/main/jni/external/pcre/dist2/src/pcre2_valid_utf.c 41 | src/main/jni/external/pcre/dist2/src/pcre2_xclass.c 42 | src/main/jni/external/pcre/dist2/src/pcre2_chartables.c) 43 | target_compile_options(pcre2 44 | PRIVATE 45 | # pcre_defaults 46 | -DHAVE_CONFIG_H 47 | -Wall 48 | -Werror) 49 | target_include_directories(pcre2 50 | PRIVATE 51 | src/main/jni/external/pcre/include_internal 52 | PUBLIC 53 | src/main/jni/external/pcre/include) 54 | 55 | # __fsetlocking needs __ANDROID_API__ >= 23, and it seems just an optimization, so just give it a 56 | # no-op implementation to compile. 57 | set(SELINUX_INIT_C_INPUT src/main/jni/external/selinux/libselinux/src/init.c) 58 | set(SELINUX_INIT_C_OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/init_patched.c") 59 | set(SELINUX_INIT_C_PATCH src/main/jni/init.c.patch) 60 | set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") 61 | find_package(Patch REQUIRED) 62 | add_custom_command(OUTPUT "${SELINUX_INIT_C_OUTPUT}" 63 | COMMAND "${CMAKE_COMMAND}" -E copy "${SELINUX_INIT_C_INPUT}" "${SELINUX_INIT_C_OUTPUT}" 64 | COMMAND "${Patch_EXECUTABLE}" "${SELINUX_INIT_C_OUTPUT}" "${SELINUX_INIT_C_PATCH}" 65 | MAIN_DEPENDENCY "${SELINUX_INIT_C_INPUT}" 66 | DEPENDS "${SELINUX_INIT_C_PATCH}" 67 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 68 | COMMENT "Generating init_patched.c" 69 | VERBATIM) 70 | 71 | # https://android.googlesource.com/platform/external/selinux/+/refs/heads/master/libselinux/Android.bp 72 | add_library(selinux STATIC 73 | # libselinux_defaults 74 | src/main/jni/external/selinux/libselinux/src/booleans.c 75 | src/main/jni/external/selinux/libselinux/src/callbacks.c 76 | src/main/jni/external/selinux/libselinux/src/freecon.c 77 | src/main/jni/external/selinux/libselinux/src/label_backends_android.c 78 | src/main/jni/external/selinux/libselinux/src/label.c 79 | src/main/jni/external/selinux/libselinux/src/label_support.c 80 | src/main/jni/external/selinux/libselinux/src/matchpathcon.c 81 | src/main/jni/external/selinux/libselinux/src/setrans_client.c 82 | src/main/jni/external/selinux/libselinux/src/sha1.c 83 | # libselinux 84 | src/main/jni/external/selinux/libselinux/src/label_file.c 85 | src/main/jni/external/selinux/libselinux/src/regex.c 86 | # linux_glibc 87 | src/main/jni/external/selinux/libselinux/src/avc.c 88 | src/main/jni/external/selinux/libselinux/src/avc_internal.c 89 | src/main/jni/external/selinux/libselinux/src/avc_sidtab.c 90 | src/main/jni/external/selinux/libselinux/src/compute_av.c 91 | src/main/jni/external/selinux/libselinux/src/compute_create.c 92 | src/main/jni/external/selinux/libselinux/src/compute_member.c 93 | src/main/jni/external/selinux/libselinux/src/context.c 94 | src/main/jni/external/selinux/libselinux/src/enabled.c 95 | src/main/jni/external/selinux/libselinux/src/fgetfilecon.c 96 | src/main/jni/external/selinux/libselinux/src/getenforce.c 97 | src/main/jni/external/selinux/libselinux/src/getfilecon.c 98 | src/main/jni/external/selinux/libselinux/src/get_initial_context.c 99 | #src/main/jni/external/selinux/libselinux/src/init.c 100 | "${SELINUX_INIT_C_OUTPUT}" 101 | src/main/jni/external/selinux/libselinux/src/lgetfilecon.c 102 | src/main/jni/external/selinux/libselinux/src/load_policy.c 103 | src/main/jni/external/selinux/libselinux/src/lsetfilecon.c 104 | src/main/jni/external/selinux/libselinux/src/mapping.c 105 | src/main/jni/external/selinux/libselinux/src/procattr.c 106 | src/main/jni/external/selinux/libselinux/src/setenforce.c 107 | src/main/jni/external/selinux/libselinux/src/setexecfilecon.c 108 | src/main/jni/external/selinux/libselinux/src/setfilecon.c 109 | src/main/jni/external/selinux/libselinux/src/stringrep.c 110 | # Added for this library 111 | src/main/jni/external/selinux/libselinux/src/fsetfilecon.c) 112 | target_compile_options(selinux 113 | PRIVATE 114 | # libselinux_defaults 115 | -DNO_PERSISTENTLY_STORED_PATTERNS 116 | -DDISABLE_SETRANS 117 | -DDISABLE_BOOL 118 | -D_GNU_SOURCE 119 | -DNO_MEDIA_BACKEND 120 | -DNO_X_BACKEND 121 | -DNO_DB_BACKEND 122 | -Wall 123 | -Werror 124 | -Wno-error=missing-noreturn 125 | -Wno-error=unused-function 126 | -Wno-error=unused-variable 127 | -Wno-error=unused-but-set-variable 128 | # libselinux 129 | -DUSE_PCRE2) 130 | target_include_directories(selinux 131 | PUBLIC 132 | src/main/jni/external/selinux/libselinux/include 133 | # Hack for init_patched.c including local files. 134 | PRIVATE 135 | src/main/jni/external/selinux/libselinux/src) 136 | target_link_libraries(selinux 137 | PRIVATE 138 | pcre2) 139 | 140 | find_library(LOG_LIBRARY log) 141 | add_library(selinux-jni SHARED src/main/jni/libselinux-jni.c) 142 | target_link_libraries(selinux-jni selinux ${LOG_LIBRARY}) 143 | -------------------------------------------------------------------------------- /library/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.library' 2 | 3 | android { 4 | namespace 'me.zhanghai.android.libselinux' 5 | buildToolsVersion = '36.0.0' 6 | compileSdk 36 7 | ndkVersion '28.1.13356709' 8 | defaultConfig { 9 | minSdk 21 10 | targetSdk 36 11 | consumerProguardFiles 'proguard-rules.pro' 12 | externalNativeBuild { 13 | cmake { 14 | arguments '-DANDROID_STL=none' 15 | } 16 | } 17 | } 18 | compileOptions { 19 | sourceCompatibility JavaVersion.VERSION_1_8 20 | targetCompatibility JavaVersion.VERSION_1_8 21 | } 22 | buildTypes { 23 | release { 24 | minifyEnabled false 25 | } 26 | } 27 | externalNativeBuild { 28 | cmake { 29 | path 'CMakeLists.txt' 30 | } 31 | } 32 | } 33 | 34 | dependencies { 35 | implementation 'androidx.annotation:annotation:1.9.1' 36 | } 37 | 38 | apply plugin: 'com.vanniktech.maven.publish' 39 | -------------------------------------------------------------------------------- /library/cmake/FindPatch.cmake: -------------------------------------------------------------------------------- 1 | # Distributed under the OSI-approved BSD 3-Clause License. See accompanying 2 | # file Copyright.txt or https://cmake.org/licensing for details. 3 | 4 | #[=======================================================================[.rst: 5 | FindPatch 6 | --------- 7 | 8 | The module defines the following variables: 9 | 10 | ``Patch_EXECUTABLE`` 11 | Path to patch command-line executable. 12 | ``Patch_FOUND`` 13 | True if the patch command-line executable was found. 14 | 15 | The following :prop_tgt:`IMPORTED` targets are also defined: 16 | 17 | ``Patch::patch`` 18 | The command-line executable. 19 | 20 | Example usage: 21 | 22 | .. code-block:: cmake 23 | 24 | find_package(Patch) 25 | if(Patch_FOUND) 26 | message("Patch found: ${Patch_EXECUTABLE}") 27 | endif() 28 | #]=======================================================================] 29 | 30 | set(_doc "Patch command line executable") 31 | set(_patch_path ) 32 | 33 | if(CMAKE_HOST_WIN32) 34 | set(_patch_path 35 | "$ENV{LOCALAPPDATA}/Programs/Git/bin" 36 | "$ENV{LOCALAPPDATA}/Programs/Git/usr/bin" 37 | "$ENV{APPDATA}/Programs/Git/bin" 38 | "$ENV{APPDATA}/Programs/Git/usr/bin" 39 | ) 40 | endif() 41 | 42 | # First search the PATH 43 | find_program(Patch_EXECUTABLE 44 | NAME patch 45 | PATHS ${_patch_path} 46 | DOC ${_doc} 47 | ) 48 | 49 | if(CMAKE_HOST_WIN32) 50 | # Now look for installations in Git/ directories under typical installation 51 | # prefixes on Windows. 52 | find_program(Patch_EXECUTABLE 53 | NAMES patch 54 | PATH_SUFFIXES Git/usr/bin Git/bin GnuWin32/bin 55 | DOC ${_doc} 56 | ) 57 | endif() 58 | 59 | if(Patch_EXECUTABLE AND NOT TARGET Patch::patch) 60 | add_executable(Patch::patch IMPORTED) 61 | set_property(TARGET Patch::patch PROPERTY IMPORTED_LOCATION ${Patch_EXECUTABLE}) 62 | endif() 63 | 64 | unset(_patch_path) 65 | unset(_doc) 66 | 67 | # http://kwwidgets.org/Bug/view.php?id=12325 68 | #include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) 69 | include(FindPackageHandleStandardArgs) 70 | find_package_handle_standard_args(Patch 71 | REQUIRED_VARS Patch_EXECUTABLE) 72 | -------------------------------------------------------------------------------- /library/gradle.properties: -------------------------------------------------------------------------------- 1 | POM_NAME=libselinux-android Library 2 | -------------------------------------------------------------------------------- /library/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile 22 | -------------------------------------------------------------------------------- /library/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /library/src/main/java/me/zhanghai/android/libselinux/SeLinux.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019 Hai Zhang 3 | * All Rights Reserved. 4 | */ 5 | 6 | package me.zhanghai.android.libselinux; 7 | 8 | import android.system.ErrnoException; 9 | 10 | import java.io.FileDescriptor; 11 | 12 | import androidx.annotation.NonNull; 13 | 14 | public class SeLinux { 15 | 16 | static { 17 | System.loadLibrary("selinux-jni"); 18 | } 19 | 20 | private SeLinux() {} 21 | 22 | @NonNull 23 | public static native byte[] fgetfilecon(@NonNull FileDescriptor fd) throws ErrnoException; 24 | 25 | public static native void fsetfilecon(@NonNull FileDescriptor fd, @NonNull byte[] context) 26 | throws ErrnoException; 27 | 28 | @NonNull 29 | public static native byte[] getfilecon(@NonNull byte[] path) throws ErrnoException; 30 | 31 | public static native boolean is_selinux_enabled(); 32 | 33 | @NonNull 34 | public static native byte[] lgetfilecon(@NonNull byte[] path) throws ErrnoException; 35 | 36 | public static native void lsetfilecon(@NonNull byte[] path, @NonNull byte[] context) 37 | throws ErrnoException; 38 | 39 | public static native boolean security_getenforce() throws ErrnoException; 40 | 41 | public static native void setfilecon(@NonNull byte[] path, @NonNull byte[] context) 42 | throws ErrnoException; 43 | } 44 | -------------------------------------------------------------------------------- /library/src/main/jni/init.c.patch: -------------------------------------------------------------------------------- 1 | @@ -6,6 +6,11 @@ 2 | #include 3 | #include 4 | #include 5 | +#if __ANDROID_API__ < 23 6 | +static int __fsetlocking(FILE* __fp, int __type) { 7 | + return FSETLOCKING_INTERNAL; 8 | +} 9 | +#endif 10 | #include 11 | #include 12 | #include 13 | -------------------------------------------------------------------------------- /library/src/main/jni/libselinux-jni.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019 Hai Zhang 3 | * All Rights Reserved. 4 | */ 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include 12 | 13 | #include 14 | 15 | #include 16 | 17 | #define ALOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__) 18 | #define ALOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__) 19 | #define ALOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__) 20 | #define ALOGW(...) __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__) 21 | #define ALOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__) 22 | 23 | #define LOG_TAG "libselinux-jni" 24 | 25 | #undef TEMP_FAILURE_RETRY 26 | #define TEMP_FAILURE_RETRY(exp) ({ \ 27 | errno = 0; \ 28 | __typeof__(exp) _rc; \ 29 | do { \ 30 | _rc = (exp); \ 31 | } while (errno == EINTR); \ 32 | _rc; }) 33 | 34 | static jclass findClass(JNIEnv *env, const char *name) { 35 | jclass localClass = (*env)->FindClass(env, name); 36 | if (!localClass) { 37 | ALOGE("Failed to find class '%s'", name); 38 | abort(); 39 | } 40 | jclass globalClass = (*env)->NewGlobalRef(env, localClass); 41 | (*env)->DeleteLocalRef(env, localClass); 42 | if (!globalClass) { 43 | ALOGE("Failed to create a global reference for '%s'", name); 44 | abort(); 45 | } 46 | return globalClass; 47 | } 48 | 49 | static jfieldID findField(JNIEnv *env, jclass clazz, const char *name, const char *signature) { 50 | jfieldID field = (*env)->GetFieldID(env, clazz, name, signature); 51 | if (!field) { 52 | ALOGE("Failed to find field '%s' '%s'", name, signature); 53 | abort(); 54 | } 55 | return field; 56 | } 57 | 58 | static jmethodID findMethod(JNIEnv *env, jclass clazz, const char *name, const char *signature) { 59 | jmethodID method = (*env)->GetMethodID(env, clazz, name, signature); 60 | if (!method) { 61 | ALOGE("Failed to find method '%s' '%s'", name, signature); 62 | abort(); 63 | } 64 | return method; 65 | } 66 | 67 | static jclass getErrnoExceptionClass(JNIEnv *env) { 68 | static jclass errnoExceptionClass = NULL; 69 | if (!errnoExceptionClass) { 70 | errnoExceptionClass = findClass(env, "android/system/ErrnoException"); 71 | } 72 | return errnoExceptionClass; 73 | } 74 | 75 | static jclass getFileDescriptorClass(JNIEnv *env) { 76 | static jclass fileDescriptorClass = NULL; 77 | if (!fileDescriptorClass) { 78 | fileDescriptorClass = findClass(env, "java/io/FileDescriptor"); 79 | } 80 | return fileDescriptorClass; 81 | } 82 | 83 | static jfieldID getFileDescriptorDescriptorField(JNIEnv *env) { 84 | static jclass fileDescriptorDescriptorField = NULL; 85 | if (!fileDescriptorDescriptorField) { 86 | fileDescriptorDescriptorField = findField(env, getFileDescriptorClass(env), "descriptor", 87 | "I"); 88 | } 89 | return fileDescriptorDescriptorField; 90 | } 91 | 92 | static void throwException(JNIEnv *env, jclass exceptionClass, jmethodID constructor3, 93 | jmethodID constructor2, const char *functionName, int error) { 94 | jthrowable cause = NULL; 95 | if ((*env)->ExceptionCheck(env)) { 96 | cause = (*env)->ExceptionOccurred(env); 97 | (*env)->ExceptionClear(env); 98 | } 99 | jstring detailMessage = (*env)->NewStringUTF(env, functionName); 100 | if (!detailMessage) { 101 | // Not really much we can do here. We're probably dead in the water, 102 | // but let's try to stumble on... 103 | (*env)->ExceptionClear(env); 104 | } 105 | jobject exception; 106 | if (cause) { 107 | exception = (*env)->NewObject(env, exceptionClass, constructor3, detailMessage, error, 108 | cause); 109 | } else { 110 | exception = (*env)->NewObject(env, exceptionClass, constructor2, detailMessage, error); 111 | } 112 | (*env)->Throw(env, exception); 113 | (*env)->DeleteLocalRef(env, detailMessage); 114 | } 115 | 116 | static void throwErrnoException(JNIEnv* env, const char* functionName) { 117 | int error = errno; 118 | static jmethodID constructor3 = NULL; 119 | if (!constructor3) { 120 | constructor3 = findMethod(env, getErrnoExceptionClass(env), "", 121 | "(Ljava/lang/String;ILjava/lang/Throwable;)V"); 122 | } 123 | static jmethodID constructor2 = NULL; 124 | if (!constructor2) { 125 | constructor2 = findMethod(env, getErrnoExceptionClass(env), "", 126 | "(Ljava/lang/String;I)V"); 127 | } 128 | throwException(env, getErrnoExceptionClass(env), constructor3, constructor2, functionName, 129 | error); 130 | } 131 | 132 | static char *mallocStringFromBytes(JNIEnv *env, jbyteArray javaBytes) { 133 | void *bytes = (*env)->GetByteArrayElements(env, javaBytes, NULL); 134 | jsize javaLength = (*env)->GetArrayLength(env, javaBytes); 135 | size_t length = (size_t) javaLength; 136 | char *string = malloc(length + 1); 137 | memcpy(string, bytes, length); 138 | (*env)->ReleaseByteArrayElements(env, javaBytes, bytes, JNI_ABORT); 139 | string[length] = '\0'; 140 | return string; 141 | } 142 | 143 | static jbyteArray newBytesFromString(JNIEnv *env, const char *string) { 144 | size_t length = strlen(string); 145 | jsize javaLength = (jsize) length; 146 | jbyteArray javaBytes = (*env)->NewByteArray(env, javaLength); 147 | if (!javaBytes) { 148 | return NULL; 149 | } 150 | const void *stringBytes = string; 151 | (*env)->SetByteArrayRegion(env, javaBytes, 0, javaLength, stringBytes); 152 | return javaBytes; 153 | } 154 | 155 | JNIEXPORT jbyteArray JNICALL 156 | Java_me_zhanghai_android_libselinux_SeLinux_fgetfilecon( 157 | JNIEnv *env, jclass clazz, jobject javaFd) { 158 | int fd = (*env)->GetIntField(env, javaFd, getFileDescriptorDescriptorField(env)); 159 | security_context_t context = NULL; 160 | TEMP_FAILURE_RETRY(fgetfilecon(fd, &context)); 161 | if (errno) { 162 | throwErrnoException(env, "fgetfilecon"); 163 | return NULL; 164 | } 165 | jbyteArray javaContext = newBytesFromString(env, context); 166 | freecon(context); 167 | return javaContext; 168 | } 169 | 170 | JNIEXPORT void JNICALL 171 | Java_me_zhanghai_android_libselinux_SeLinux_fsetfilecon( 172 | JNIEnv *env, jclass clazz, jobject javaFd, jbyteArray javaContext) { 173 | int fd = (*env)->GetIntField(env, javaFd, getFileDescriptorDescriptorField(env)); 174 | security_context_t context = mallocStringFromBytes(env, javaContext); 175 | TEMP_FAILURE_RETRY(fsetfilecon(fd, context)); 176 | free(context); 177 | if (errno) { 178 | throwErrnoException(env, "fsetfilecon"); 179 | } 180 | } 181 | 182 | static jbyteArray doGetfilecon(JNIEnv *env, jbyteArray javaPath, bool isLgetfilecon) { 183 | char *path = mallocStringFromBytes(env, javaPath); 184 | security_context_t context = NULL; 185 | TEMP_FAILURE_RETRY((isLgetfilecon ? lgetfilecon : getfilecon)(path, &context)); 186 | free(path); 187 | if (errno) { 188 | throwErrnoException(env, isLgetfilecon ? "lgetfilecon" : "getfilecon"); 189 | return NULL; 190 | } 191 | jbyteArray javaContext = newBytesFromString(env, context); 192 | freecon(context); 193 | return javaContext; 194 | } 195 | 196 | JNIEXPORT jbyteArray JNICALL 197 | Java_me_zhanghai_android_libselinux_SeLinux_getfilecon( 198 | JNIEnv *env, jclass clazz, jbyteArray javaPath) { 199 | return doGetfilecon(env, javaPath, false); 200 | } 201 | 202 | JNIEXPORT jboolean JNICALL 203 | Java_me_zhanghai_android_libselinux_SeLinux_is_1selinux_1enabled( 204 | JNIEnv *env, jclass clazz) { 205 | int enabled = is_selinux_enabled(); 206 | jboolean javaEnabled = (jboolean) (enabled ? JNI_TRUE : JNI_FALSE); 207 | return javaEnabled; 208 | } 209 | 210 | JNIEXPORT jbyteArray JNICALL 211 | Java_me_zhanghai_android_libselinux_SeLinux_lgetfilecon( 212 | JNIEnv *env, jclass clazz, jbyteArray javaPath) { 213 | return doGetfilecon(env, javaPath, true); 214 | } 215 | 216 | static void doSetfilecon(JNIEnv *env, jbyteArray javaPath, jbyteArray javaContext, 217 | bool isLsetfilecon) { 218 | char *path = mallocStringFromBytes(env, javaPath); 219 | security_context_t context = mallocStringFromBytes(env, javaContext); 220 | TEMP_FAILURE_RETRY((isLsetfilecon ? lsetfilecon : setfilecon)(path, context)); 221 | free(path); 222 | free(context); 223 | if (errno) { 224 | throwErrnoException(env, isLsetfilecon ? "lsetfilecon" : "setfilecon"); 225 | } 226 | } 227 | 228 | JNIEXPORT void JNICALL 229 | Java_me_zhanghai_android_libselinux_SeLinux_lsetfilecon( 230 | JNIEnv *env, jclass clazz, jbyteArray javaPath, jbyteArray javaContext) { 231 | doSetfilecon(env, javaPath, javaContext, true); 232 | } 233 | 234 | JNIEXPORT jboolean JNICALL 235 | Java_me_zhanghai_android_libselinux_SeLinux_security_1getenforce( 236 | JNIEnv *env, jclass clazz) { 237 | int enforce = TEMP_FAILURE_RETRY(security_getenforce()); 238 | if (enforce == -1 && !errno) { 239 | // The only case is sscanf() returning EOF in security_getenforce(), which we can treat as 240 | // an I/O error. 241 | errno = EIO; 242 | } 243 | if (errno) { 244 | throwErrnoException(env, "security_getenforce"); 245 | } 246 | jboolean javaEnforce = (jboolean) (enforce ? JNI_TRUE : JNI_FALSE); 247 | return javaEnforce; 248 | } 249 | 250 | JNIEXPORT void JNICALL 251 | Java_me_zhanghai_android_libselinux_SeLinux_setfilecon( 252 | JNIEnv *env, jclass clazz, jbyteArray javaPath, jbyteArray javaContext) { 253 | doSetfilecon(env, javaPath, javaContext, false); 254 | } 255 | -------------------------------------------------------------------------------- /sample/.gitignore: -------------------------------------------------------------------------------- 1 | /.externalNativeBuild/ 2 | /build/ 3 | /out/ 4 | -------------------------------------------------------------------------------- /sample/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | 3 | android { 4 | namespace 'me.zhanghai.android.libselinux.sample' 5 | buildToolsVersion = '36.0.0' 6 | compileSdk 36 7 | defaultConfig { 8 | applicationId 'me.zhanghai.android.libselinux.sample' 9 | minSdk 21 10 | targetSdk 36 11 | versionCode Integer.parseInt(VERSION_CODE) 12 | versionName VERSION_NAME 13 | } 14 | compileOptions { 15 | sourceCompatibility JavaVersion.VERSION_1_8 16 | targetCompatibility JavaVersion.VERSION_1_8 17 | } 18 | buildTypes { 19 | release { 20 | minifyEnabled true 21 | shrinkResources true 22 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' 23 | } 24 | } 25 | } 26 | 27 | dependencies { 28 | implementation project(':library') 29 | implementation 'androidx.annotation:annotation:1.9.1' 30 | } 31 | -------------------------------------------------------------------------------- /sample/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile 22 | 23 | -dontwarn android.** 24 | -------------------------------------------------------------------------------- /sample/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 8 | 9 | 10 | 15 | 16 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /sample/src/main/java/me/zhanghai/android/libselinux/sample/MainActivity.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019 Hai Zhang 3 | * All Rights Reserved. 4 | */ 5 | 6 | package me.zhanghai.android.libselinux.sample; 7 | 8 | import android.app.Activity; 9 | import android.os.Bundle; 10 | import android.system.ErrnoException; 11 | import android.view.ViewGroup; 12 | import android.widget.TextView; 13 | 14 | import androidx.annotation.Nullable; 15 | import me.zhanghai.android.libselinux.SeLinux; 16 | 17 | public class MainActivity extends Activity { 18 | 19 | @Override 20 | protected void onCreate(@Nullable Bundle savedInstanceState) { 21 | super.onCreate(savedInstanceState); 22 | 23 | String text; 24 | try { 25 | text = new String(SeLinux.lgetfilecon("/".getBytes())); 26 | } catch (ErrnoException e) { 27 | text = e.getMessage(); 28 | } 29 | 30 | TextView textView = new TextView(this); 31 | textView.setFitsSystemWindows(true); 32 | textView.setText(text); 33 | setContentView(textView, new ViewGroup.LayoutParams(ViewGroup.LayoutParams.MATCH_PARENT, 34 | ViewGroup.LayoutParams.WRAP_CONTENT)); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | include ':library', ':sample' 2 | --------------------------------------------------------------------------------