joshua_brindle avatar joshua_brindle committed ee2a97a

build outside of tree and use Samsung API's

Change all resource id's to be local
add android.os.SELinux to build outside of tree
add stubs for SEAndroidPolicy
switch API's to ones present on GS4
Add guava
Add eclipse files

Comments (0)

Files changed (13)

+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="src" path="gen"/>
+	<classpathentry kind="con" path="com.android.ide.eclipse.adt.ANDROID_FRAMEWORK"/>
+	<classpathentry exported="true" kind="con" path="com.android.ide.eclipse.adt.LIBRARIES"/>
+	<classpathentry exported="true" kind="con" path="com.android.ide.eclipse.adt.DEPENDENCIES"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>SEAndroidAdminActivity</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.android.ide.eclipse.adt.ResourceManagerBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>com.android.ide.eclipse.adt.PreCompilerBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>com.android.ide.eclipse.adt.ApkBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.android.ide.eclipse.adt.AndroidNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

AndroidManifest.xml

 
     <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
     <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
+    <uses-permission android:name="android.permission.sec.MDM_SEANDROID"/>
+    <uses-sdk android:maxSdkVersion="17" android:targetSdkVersion="17" android:minSdkVersion="17"/>
 
     <application android:label="@string/app_name">
 

Binary file added.

project.properties

+# This file is automatically generated by Android Tools.
+# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
+#
+# This file must be checked in Version Control Systems.
+#
+# To customize properties used by the Ant build system edit
+# "ant.properties", and override values to adapt the script to your
+# project structure.
+#
+# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
+#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
+
+# Project target.
+target=Google Inc.:Google APIs:17

res/layout/preference_header_item.xml

         android:layout_marginBottom="6dip"
         android:layout_weight="1">
 
-        <TextView android:id="@+android:id/title"
+        <TextView android:id="@+id/title"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:singleLine="true"
             android:ellipsize="marquee"
             android:fadingEdge="horizontal" />
 
-        <TextView android:id="@+android:id/summary"
+        <TextView android:id="@+id/summary"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:layout_below="@android:id/title"

res/layout/preference_header_switch_item.xml

         android:layout_marginBottom="6dip"
         android:layout_weight="1">
 
-        <TextView android:id="@+android:id/title"
+        <TextView android:id="@+id/title"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:singleLine="true"
             android:ellipsize="marquee"
             android:fadingEdge="horizontal" />
 
-        <TextView android:id="@+android:id/summary"
+        <TextView android:id="@+id/summary"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:layout_below="@android:id/title"

src/android/os/SELinux.java

+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+import java.io.IOException;
+import java.io.File;
+import java.io.FileDescriptor;
+
+/**
+ * This class provides access to the centralized jni bindings for
+ * SELinux interaction.
+ * {@hide}
+ */
+public class SELinux {
+
+    private static final String TAG = "SELinux";
+
+    /**
+     * Determine whether SELinux is disabled or enabled.
+     * @return a boolean indicating whether SELinux is enabled.
+     */
+    public static final native boolean isSELinuxEnabled();
+
+    /**
+     * Determine whether SELinux is permissive or enforcing.
+     * @return a boolean indicating whether SELinux is enforcing.
+     */
+    public static final native boolean isSELinuxEnforced();
+
+    /**
+     * Set whether SELinux is permissive or enforcing.
+     * @param value representing whether to set SELinux to enforcing
+     * @return a boolean representing whether the desired mode was set
+     */
+    public static final native boolean setSELinuxEnforce(boolean value);
+
+    /**
+     * Sets the security context for newly created file objects.
+     * @param context a security context given as a String.
+     * @return a boolean indicating whether the operation succeeded.
+     */
+    public static final native boolean setFSCreateContext(String context);
+
+    /**
+     * Change the security context of an existing file object.
+     * @param path representing the path of file object to relabel.
+     * @param context new security context given as a String.
+     * @return a boolean indicating whether the operation succeeded.
+     */
+    public static final native boolean setFileContext(String path, String context);
+
+    /**
+     * Get the security context of a file object.
+     * @param path the pathname of the file object.
+     * @return a security context given as a String.
+     */
+    public static final native String getFileContext(String path);
+
+    /**
+     * Get the security context of a peer socket.
+     * @param fd FileDescriptor class of the peer socket.
+     * @return a String representing the peer socket security context.
+     */
+    public static final native String getPeerContext(FileDescriptor fd);
+
+    /**
+     * Gets the security context of the current process.
+     * @return a String representing the security context of the current process.
+     */
+    public static final native String getContext();
+
+    /**
+     * Gets the security context of a given process id.
+     * @param pid an int representing the process id to check.
+     * @return a String representing the security context of the given pid.
+     */
+    public static final native String getPidContext(int pid);
+
+    /**
+     * Gets a list of the SELinux boolean names.
+     * @return an array of strings containing the SELinux boolean names.
+     */
+    public static final native String[] getBooleanNames();
+
+    /**
+     * Gets the value for the given SELinux boolean name.
+     * @param name The name of the SELinux boolean.
+     * @return a boolean indicating whether the SELinux boolean is set.
+     */
+    public static final native boolean getBooleanValue(String name);
+
+    /**
+     * Sets the value for the given SELinux boolean name.
+     * @param name The name of the SELinux boolean.
+     * @param value The new value of the SELinux boolean.
+     * @return a boolean indicating whether or not the operation succeeded.
+     */
+    public static final native boolean setBooleanValue(String name, boolean value);
+
+    /**
+     * Check permissions between two security contexts.
+     * @param scon The source or subject security context.
+     * @param tcon The target or object security context.
+     * @param tclass The object security class name.
+     * @param perm The permission name.
+     * @return a boolean indicating whether permission was granted.
+     */
+    public static final native boolean checkSELinuxAccess(String scon, String tcon, String tclass, String perm);
+
+    /**
+     * Restores a file to its default SELinux security context.
+     * If the system is not compiled with SELinux, then {@code true}
+     * is automatically returned.
+     * If SELinux is compiled in, but disabled, then {@code true} is
+     * returned.
+     *
+     * @param pathname The pathname of the file to be relabeled.
+     * @return a boolean indicating whether the relabeling succeeded.
+     * @exception NullPointerException if the pathname is a null object.
+     */
+    public static boolean restorecon(String pathname) throws NullPointerException {
+        if (pathname == null) { throw new NullPointerException(); }
+        return native_restorecon(pathname);
+    }
+
+    /**
+     * Restores a file to its default SELinux security context.
+     * If the system is not compiled with SELinux, then {@code true}
+     * is automatically returned.
+     * If SELinux is compiled in, but disabled, then {@code true} is
+     * returned.
+     *
+     * @param pathname The pathname of the file to be relabeled.
+     * @return a boolean indicating whether the relabeling succeeded.
+     */
+    private static native boolean native_restorecon(String pathname);
+
+    /**
+     * Restores a file to its default SELinux security context.
+     * If the system is not compiled with SELinux, then {@code true}
+     * is automatically returned.
+     * If SELinux is compiled in, but disabled, then {@code true} is
+     * returned.
+     *
+     * @param file The File object representing the path to be relabeled.
+     * @return a boolean indicating whether the relabeling succeeded.
+     * @exception NullPointerException if the file is a null object.
+     */
+    public static boolean restorecon(File file) throws NullPointerException {
+        throw new RuntimeException("Stub");
+    }
+
+}

src/com/android/seandroid_admin/MMACFragment.java

 
 import android.app.admin.DevicePolicyManager;
 import android.os.Bundle;
-import android.os.SystemProperties;
+//import android.os.SystemProperties;
 import android.preference.CheckBoxPreference;
 import android.preference.Preference;
 import android.preference.Preference.OnPreferenceChangeListener;
         addPreferencesFromResource(R.xml.mmac_fragment);
 
         mEmptyView = (TextView) getView().findViewById(android.R.id.empty);
-        getListView().setEmptyView(mEmptyView);
+//        getListView().setEmptyView(mEmptyView);
 
         if (!mAdmin.isDeviceAdmin) {
             addMessagePreference("not device admin");
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Reload of MMAC policy requested");
+/*
                     try {
                         byte[] policy = Files.toByteArray(mMMACpolicyFile);
-                        if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                                DevicePolicyManager.MMAC_POLICY_FILE, policy)) {
+                        if (mAdmin.mSEP.policy)) {
                             Toast.makeText(mActivity, "Unable to set policy", Toast.LENGTH_SHORT).show();
                         } else {
                             Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                         Log.e(TAG, "Exception ocurred", ioex);
                         Toast.makeText(mActivity, ioex.toString(), Toast.LENGTH_SHORT).show();
                     }
+*/
                     return false;
                 }
             });
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Delete custom MMAC policy requested");
+/*
                     if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
                             DevicePolicyManager.MMAC_POLICY_FILE, null)) {
                         Toast.makeText(mActivity, "Unable to remove custom policy", Toast.LENGTH_SHORT).show();
                     } else {
                         Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                     }
+*/
                     return false;
                 }
             });
         
         if (preference == mMMACenforceCheckbox) {
             boolean value = (Boolean) newValue;
-            boolean ret = mAdmin.mDPM.setMMACenforcing(mAdmin.mDeviceAdmin, value);
+//            boolean ret = mAdmin.mDPM.setMMACenforcing(mAdmin.mDeviceAdmin, value);
+            boolean ret = true;
             mAdmin.updateMMACstate();
             updateViews();
             return ret;
         
         if (mAdmin.isMMACadmin) {
             mMMACenforceCheckbox.setEnabled(true);
-            boolean systemState = SystemProperties.getBoolean(MMAC_ENFORCE_PROPERTY, false);
+//            boolean systemState = SystemProperties.getBoolean(MMAC_ENFORCE_PROPERTY, false);
+            boolean systemState = false;
             mMMACenforceCheckbox.setChecked(systemState);
             if (systemState) {
                 mMMACenforceCheckbox.setSummary(mMMACenforceCheckboxSummaryChecked);

src/com/android/seandroid_admin/SEAndroidAdmin.java

 
         // Device Admin necessary for SELinux Admin
         old = isSELinuxAdmin;
-        isSELinuxAdmin = isDeviceAdmin && mDPM.isSELinuxAdmin(mDeviceAdmin);
+        isSELinuxAdmin = true;
+//        isSELinuxAdmin = isDeviceAdmin && mDPM.isSELinuxAdmin(mDeviceAdmin);
         if (old != isSELinuxAdmin) { Log.v(TAG, "mSELinuxAdmin: " + old + " -> " + isSELinuxAdmin); }
 
         // SELinux Admin necessary for Enforcing SELinux Policy
         old = isEnforcingSELinux;
-        isEnforcingSELinux = isSELinuxAdmin && mDPM.getSELinuxEnforcing(mDeviceAdmin);
+//        isEnforcingSELinux = isSELinuxAdmin && mDPM.getSELinuxEnforcing(mDeviceAdmin);
         if (old != isEnforcingSELinux) { Log.v(TAG, "mEnforcingSELinux: " + old + " -> " + isEnforcingSELinux); }        
     }
 
 
         // Device Admin necessary for MMAC Admin
         old = isMMACadmin;
-        isMMACadmin = isDeviceAdmin && mDPM.isMMACadmin(mDeviceAdmin);
+        isMMACadmin = false;
+//        isMMACadmin = isDeviceAdmin && mDPM.isMMACadmin(mDeviceAdmin);
         if (old != isMMACadmin) { Log.v(TAG, "mMMACadmin: " + old + " -> " + isMMACadmin); }
 
         // MMAC Admin necessary for Enforcing MMAC Policy
         old = isEnforcingMMAC;
-        isEnforcingMMAC = isMMACadmin && mDPM.getMMACenforcing(mDeviceAdmin);
+//        isEnforcingMMAC = isMMACadmin && mDPM.getMMACenforcing(mDeviceAdmin);
         if (old != isEnforcingMMAC) { Log.v(TAG, "mEnforceMMAC: " + old + " -> " + isEnforcingMMAC); }
     }
 

src/com/android/seandroid_admin/SEAndroidAdminActivity.java

 import android.widget.ListAdapter;
 import android.widget.Switch;
 import android.widget.TextView;
+import com.sec.enterprise.knox.seandroid.*;
 
 import com.android.seandroid_admin.R;
 
                         view = mInflater.inflate(R.layout.preference_header_switch_item,
                                 parent, false);
                         holder.title = (TextView) view.findViewById(
-                                com.android.internal.R.id.title);
+                                R.id.title);
                         holder.summary = (TextView) view.findViewById(
-                                com.android.internal.R.id.summary);
+                                R.id.summary);
                         holder.switch_ = (Switch) view.findViewById(R.id.switchWidget);
                         break;
 
                         view = mInflater.inflate(R.layout.preference_header_item, parent,
                                 false);
                         holder.title = (TextView) view.findViewById(
-                                com.android.internal.R.id.title);
+                                R.id.title);
                         holder.summary = (TextView) view.findViewById(
-                                com.android.internal.R.id.summary);
+                                R.id.summary);
                         break;
                 }
-
                 view.setTag(holder);
             } else {
                 view = convertView;
                                 boolean adminActive = mAdmin.isSELinuxAdmin;
                                 Log.v(TAG, "Clicked SELinux admin: " + adminActive + " -> " + isChecked);
                                 if (isChecked != adminActive) {
-                                    boolean ret = mAdmin.mDPM.setSELinuxAdmin(mAdmin.mDeviceAdmin, isChecked);
+                                    //boolean ret = mAdmin.mDPM.setSELinuxAdmin(mAdmin.mDeviceAdmin, isChecked);
+                                    boolean ret = true;
                                     // TODO show failure with toast or something
                                     mAdmin.updateSELinuxState();
                                     mActivity.updateSELinuxView();
                                 boolean adminActive = mAdmin.isMMACadmin;
                                 Log.v(TAG, "Clicked MMAC admin: " + adminActive + " -> " + isChecked);
                                 if (isChecked != adminActive) {
-                                    boolean ret = mAdmin.mDPM.setMMACadmin(mAdmin.mDeviceAdmin, isChecked);
+                                    //boolean ret = mAdmin.mDPM.setMMACadmin(mAdmin.mDeviceAdmin, isChecked);
+                                    boolean ret = false;
                                     // TODO show failure  with toast or something
                                     mAdmin.updateMMACstate();
                                     mActivity.updateMMACview();

src/com/android/seandroid_admin/SELinuxEnforcingFragment.java

 
 package com.android.seandroid_admin;
 
-import android.app.admin.DevicePolicyManager;
 import android.os.Bundle;
 import android.os.SELinux;
 import android.preference.CheckBoxPreference;
 import android.util.Log;
 import android.widget.TextView;
 import android.widget.Toast;
+import com.sec.enterprise.knox.seandroid.*;
 
 import com.android.seandroid_admin.R;
 
     private String mSELinuxEnforceCheckboxSummaryDisabled;
 
     private TextView mEmptyView;
+    private SEAndroidPolicy mSEP;
 
     @Override
     public void onActivityCreated(Bundle savedInstanceState) {
         addPreferencesFromResource(R.xml.selinux_enforcing_fragment);
 
         mEmptyView = (TextView) getView().findViewById(android.R.id.empty);
-        getListView().setEmptyView(mEmptyView);
+        //getListView().setEmptyView(mEmptyView);
+
+        mSEP = SEAndroidPolicy.getInstance(mActivity);
+        mSEP.amsSetLogLevel(9);
 
         if (!SELinux.isSELinuxEnabled()) {
             addMessagePreference(R.string.selinuxBooleans_err_selinuxDisabled);
             mSELinuxEnforceCheckboxSummaryDisabled =
                     getString(R.string.selinux_enforcing_cb_summaryDisabled);
 
+            /*
             List<String> boolnames = mAdmin.mDPM.getSELinuxBooleanNames(mAdmin.mDeviceAdmin);
             Log.v(TAG, "SELinux booleans: " + boolnames);
             if (boolnames != null) {
             //TODO Figure out how to handle failure of getSELinuxBooleanNames
             //TODO Figure out how to add boolean prefs to the Booleans
             //     PreferenceCategory, not just append to end
-
+*/
             /* Warning, lots of duplicated code coming */
 
             mSELinuxReload =
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Reload of SELinux policy requested");
+
                     try {
                         byte[] policy = Files.toByteArray(mSELinuxPolicyFile);
-                        if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                                DevicePolicyManager.SEPOLICY_FILE_SEPOLICY, policy)) {
+                        if (mSEP.setSELinuxPolicy(policy) != SEAndroidPolicy.POLICY_SET_OK) {
                             Toast.makeText(mActivity, "Unable to set policy", Toast.LENGTH_SHORT).show();
                         } else {
                             Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                         Log.e(TAG, "Exception ocurred", ioex);
                         Toast.makeText(mActivity, ioex.toString(), Toast.LENGTH_SHORT).show();
                     }
+
                     return false;
                 }
             });
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Delete custom SELinux policy requested");
-                    if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                            DevicePolicyManager.SEPOLICY_FILE_SEPOLICY, null)) {
+                    if (mSEP.revokeSELinuxPolicy() != SEAndroidPolicy.POLICY_SET_OK) {
                         Toast.makeText(mActivity, "Unable to remove custom policy", Toast.LENGTH_SHORT).show();
                     } else {
                         Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                     }
+
                     return false;
                 }
             });
                     Log.v(TAG, "Reload of Property Contexts policy requested");
                     try {
                         byte[] policy = Files.toByteArray(mPropertyContextsPolicyFile);
-                        if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                                DevicePolicyManager.SEPOLICY_FILE_PROPCTXS, policy)) {
+                        if (mSEP.setPropertyContexts(policy) != SEAndroidPolicy.POLICY_SET_OK) {
                             Toast.makeText(mActivity, "Unable to set policy", Toast.LENGTH_SHORT).show();
                         } else {
                             Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                         Log.e(TAG, "Exception ocurred", ioex);
                         Toast.makeText(mActivity, ioex.toString(), Toast.LENGTH_SHORT).show();
                     }
+
                     return false;
                 }
             });
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Delete custom Property Contexts policy requested");
-                    if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                            DevicePolicyManager.SEPOLICY_FILE_PROPCTXS, null)) {
+                    if (mSEP.revokeSELinuxPolicy() != SEAndroidPolicy.POLICY_SET_OK) {
                         Toast.makeText(mActivity, "Unable to remove custom policy", Toast.LENGTH_SHORT).show();
                     } else {
                         Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                     }
+
                     return false;
                 }
             });
                     Log.v(TAG, "Reload of File Contexts policy requested");
                     try {
                         byte[] policy = Files.toByteArray(mFileContextsPolicyFile);
-                        if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                                DevicePolicyManager.SEPOLICY_FILE_FILECTXS, policy)) {
+                        if (mSEP.setFileContexts(policy) != SEAndroidPolicy.POLICY_SET_OK) {
                             Toast.makeText(mActivity, "Unable to set policy", Toast.LENGTH_SHORT).show();
                         } else {
                             Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Delete custom File Contexts policy requested");
+/*
                     if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
                             DevicePolicyManager.SEPOLICY_FILE_FILECTXS, null)) {
                         Toast.makeText(mActivity, "Unable to remove custom policy", Toast.LENGTH_SHORT).show();
                     } else {
                         Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                     }
+*/
                     return false;
                 }
             });
                     Log.v(TAG, "Reload of SEApp Contexts policy requested");
                     try {
                         byte[] policy = Files.toByteArray(mSEAppContextsPolicyFile);
-                        if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
-                                DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS, policy)) {
+                        if (mSEP.setSEAppContexts(policy) != SEAndroidPolicy.POLICY_SET_OK) {
                             Toast.makeText(mActivity, "Unable to set policy", Toast.LENGTH_SHORT).show();
                         } else {
                             Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                         Log.e(TAG, "Exception ocurred", ioex);
                         Toast.makeText(mActivity, ioex.toString(), Toast.LENGTH_SHORT).show();
                     }
+
                     return false;
                 }
             });
                 @Override
                 public boolean onPreferenceClick(Preference preference) {
                     Log.v(TAG, "Delete custom SEApp Contexts policy requested");
+/*
                     if (!mAdmin.mDPM.setCustomPolicyFile(mAdmin.mDeviceAdmin,
                             DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS, null)) {
                         Toast.makeText(mActivity, "Unable to remove custom policy", Toast.LENGTH_SHORT).show();
                     } else {
                         Toast.makeText(mActivity, "Success", Toast.LENGTH_SHORT).show();
                     }
+*/
                     return false;
                 }
             });
 
         if (preference == mSELinuxEnforceCheckbox) {
             boolean value = (Boolean) newValue;
-            boolean ret = mAdmin.mDPM.setSELinuxEnforcing(mAdmin.mDeviceAdmin, value);
+            boolean ret;
+            Log.v(TAG, "Toggling enforcement to: " + value);
+            if (value == true) {
+            	// This is the setenforce API included in the GS4
+            	ret = mSEP.setSELinuxEnforcing();
+            	Log.v(TAG, "setSELinuxEnforcing returned: " + ret);
+            } else {
+            	// There is no obvious way to set permissive on the GS4 so fall back to JNI (does not actually work)
+            	ret = SELinux.setSELinuxEnforce(value);
+            	Log.v(TAG, "setSELinuxEnforce returned: " + ret);
+            }
+            // There is no obvious way to check enforcing on GS4 so fall back to JNI
+            boolean ret2 = SELinux.isSELinuxEnforced();
+            Log.v(TAG, "isSELinuxEnforced returned: " + ret2);
+            
             // TODO show toast on error
             mAdmin.updateSELinuxState();
             updateViews();
             }
             mSELinuxRestore.setEnabled(true);
 
-            mPropertyContextsReload.setEnabled(true);
+            mPropertyContextsReload.setEnabled(false);
             if (mPropertyContextsPolicyFile != null) {
                 mPropertyContextsReload.setSummary(mPropertyContextsPolicyFile.getPath());
             } else {
                 mPropertyContextsReload.setSummary(R.string.ext_storage_unavail);
             }
-            mPropertyContextsRestore.setEnabled(true);
+            mPropertyContextsRestore.setEnabled(false);
 
-            mFileContextsReload.setEnabled(true);
+            mFileContextsReload.setEnabled(false);
             if (mFileContextsPolicyFile != null) {
                 mFileContextsReload.setSummary(mFileContextsPolicyFile.getPath());
             } else {
                 mFileContextsReload.setSummary(R.string.ext_storage_unavail);
             }
-            mFileContextsRestore.setEnabled(true);
+            mFileContextsRestore.setEnabled(false);
 
-            mSEAppContextsReload.setEnabled(true);
+            mSEAppContextsReload.setEnabled(false);
             if (mSEAppContextsPolicyFile != null) {
                 mSEAppContextsReload.setSummary(mSEAppContextsPolicyFile.getPath());
             } else {
                 mSEAppContextsReload.setSummary(R.string.ext_storage_unavail);
             }
-            mSEAppContextsRestore.setEnabled(true);
+            mSEAppContextsRestore.setEnabled(false);
         }
     }
 

src/com/sec/enterprise/knox/seandroid/SEAndroidPolicy.java

+package com.sec.enterprise.knox.seandroid;
+
+import android.content.Context;
+
+public class SEAndroidPolicy
+{
+  public static final int POLICY_SET_OK = 0;
+
+  SEAndroidPolicy()
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public static SEAndroidPolicy getInstance(Context paramContext)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int amsSetLogLevel(int paramInt)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int getSEAndroidAgent()
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int revokeSELinuxPolicy()
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int setFileContexts(byte[] paramArrayOfByte)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int setPropertyContexts(byte[] paramArrayOfByte)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int setSEAppContexts(byte[] paramArrayOfByte)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public boolean setSELinuxEnforcing()
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+
+  public int setSELinuxPolicy(byte[] paramArrayOfByte)
+  {
+    throw new RuntimeException("Nothing to see here...");
+  }
+}
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.