Security: Add SELinux detection

Signed-off-by: Akane Beneckendorff <[email protected]>

Author: AkaneTan

app/src/main/java/org/akanework/checker/MainActivity.kt

@@ -24,6 +24,8 @@ import com.google.android.material.card.MaterialCardView
 import com.google.android.material.color.MaterialColors
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.async
+import kotlinx.coroutines.awaitAll
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
 import org.akanework.checker.utils.CheckerUtils
@@ -43,6 +45,7 @@ class MainActivity : Activity() {
     private lateinit var headerCardFrame: MaterialCardView
 
     private val abnormalitiesList = mutableListOf<String>()
+    private val abnormalitiesAdapter = EntryAdapter(abnormalitiesList)
 
     private fun changeTitleStatus(status: Int) {
         var titleString = getString(R.string.normal_title)
@@ -136,13 +139,17 @@ class MainActivity : Activity() {
         val widevineAlgoTextView = findViewById<TextView>(R.id.widevine_algo)
 
         val connectivityRadioTextView = findViewById<TextView>(R.id.connectivity_radio)
-        val connectivityGnssHalStatus = findViewById<TextView>(R.id.connectivity_gps)
+        val connectivityGNSSHalStatus = findViewById<TextView>(R.id.connectivity_gps)
 
         val mediaHdrTypeTextView = findViewById<TextView>(R.id.media_hdr_types)
         val mediaWideColorGamutTextView = findViewById<TextView>(R.id.media_wide_color_gamut)
 
+        val securitySELinuxStateTextView = findViewById<TextView>(R.id.security_selinux_state)
+
         val abnormalitiesFrame = findViewById<MaterialCardView>(R.id.abnormal_frame)
         val abnormalitiesRecyclerView = findViewById<RecyclerView>(R.id.abnormal_recyclerview)
+        abnormalitiesRecyclerView.layoutManager = LinearLayoutManager(this@MainActivity)
+        abnormalitiesRecyclerView.adapter = abnormalitiesAdapter
 
         // Set up basic info
         val basicAndroidVersion = Build.VERSION.RELEASE
@@ -189,14 +196,16 @@ class MainActivity : Activity() {
 
         // Set up radio info
         val connectivityRadioVersion = Build.getRadioVersion().substringAfterLast(',')
-        CoroutineScope(Dispatchers.Default).launch {
-            val connectivityGnssVersionRawList = CheckerUtils.checkGnssHal()
-            val connectivityGnssVersionList = connectivityGnssVersionRawList
+        val connectivityGNSSQueryJob = CoroutineScope(Dispatchers.Default).async {
+            val connectivityGNSSVersionRawList = CheckerUtils.checkGnssHal()
+            val connectivityGNSSVersionList = connectivityGNSSVersionRawList
                 .filter { it.contains("android.hardware.gnss") }
-                .joinToString(separator = "\n") {
-                    it.substringBefore(":").substringAfterLast("? ").trim()
+                .map {
+                    it.substringBefore(":").substringAfterLast("? ").substringAfterLast("Y ").trim()
                 }
-            if (connectivityGnssVersionRawList.isNotEmpty()) {
+                .distinct()
+                .joinToString(separator = "\n")
+            if (connectivityGNSSVersionRawList.isNotEmpty()) {
                 withContext(Dispatchers.Main) {
                     val anim = AlphaAnimation(1.0f, 0.0f)
                     anim.duration = 200
@@ -207,27 +216,18 @@ class MainActivity : Activity() {
                         override fun onAnimationEnd(animation: Animation?) {}
                         override fun onAnimationStart(animation: Animation?) {}
                         override fun onAnimationRepeat(animation: Animation?) {
-                            connectivityGnssHalStatus.text =
-                                "${getString(R.string.connectivity_gnss)}\n$connectivityGnssVersionList"
+                            connectivityGNSSHalStatus.text =
+                                "${getString(R.string.connectivity_gnss)}\n$connectivityGNSSVersionList"
                         }
                     })
 
-                    connectivityGnssHalStatus.startAnimation(anim)
+                    connectivityGNSSHalStatus.startAnimation(anim)
                 }
             } else {
                 withContext(Dispatchers.Main) {
                     abnormalitiesList.add(getString(R.string.abnormalities_gnss_hal_broken))
-                    val abnormalitiesAdapter = EntryAdapter(abnormalitiesList)
-                    abnormalitiesRecyclerView.layoutManager = LinearLayoutManager(this@MainActivity)
-                    abnormalitiesRecyclerView.adapter = abnormalitiesAdapter
-                    abnormalitiesFrame.visibility = View.VISIBLE
                 }
             }
-            if (abnormalitiesList.isEmpty()) {
-                changeTitleStatus(1)
-            } else {
-                changeTitleStatus(2)
-            }
         }
         connectivityRadioTextView.text =
             "${getString(R.string.connectivity_radio)} - $connectivityRadioVersion"
@@ -261,6 +261,25 @@ class MainActivity : Activity() {
         mediaWideColorGamutTextView.text =
             "${getString(R.string.media_wide_color_gamut)} - $mediaIsDeviceColorGamut"
 
+        // Set up security info
+        val securitySELinuxQueryJob = CoroutineScope(Dispatchers.Default).async {
+            val securityIsSELinuxEnforcing = CheckerUtils.isSELinuxEnforcing()
+            withContext(Dispatchers.Main) {
+                securitySELinuxStateTextView.text = getString(R.string.security_selinux_state) + " - " +
+                    when (securityIsSELinuxEnforcing) {
+                        0 -> "Enforcing"
+                        1 -> {
+                            abnormalitiesList.add(getString(R.string.abnormalities_selinux_not_enforcing))
+                            "Permissive"
+                        }
+                        2 -> {
+                            "Invalid"
+                        }
+                        else -> throw IllegalArgumentException()
+                    }
+            }
+        }
+
         // Get abnormalities
         val verifiedBootStat = SystemProperties.read("ro.boot.verifiedbootstate", "unknown")
         val isDrmPassing =
@@ -276,11 +295,19 @@ class MainActivity : Activity() {
             abnormalitiesList.add(getString(R.string.abnormalities_baseband_broken))
         }
 
-        if (abnormalitiesList.size != 0) {
-            val abnormalitiesAdapter = EntryAdapter(abnormalitiesList)
-            abnormalitiesRecyclerView.layoutManager = LinearLayoutManager(this)
-            abnormalitiesRecyclerView.adapter = abnormalitiesAdapter
-            abnormalitiesFrame.visibility = View.VISIBLE
+        CoroutineScope(Dispatchers.Default).launch {
+            awaitAll(connectivityGNSSQueryJob, securitySELinuxQueryJob)
+            withContext(Dispatchers.Main) {
+                if (abnormalitiesList.isEmpty()) {
+                    changeTitleStatus(1)
+                } else {
+                    changeTitleStatus(2)
+                }
+                if (abnormalitiesList.size != 0) {
+                    abnormalitiesAdapter.notifyItemRangeInserted(0, abnormalitiesList.size)
+                    abnormalitiesFrame.visibility = View.VISIBLE
+                }
+            }
         }
     }
 

app/src/main/java/org/akanework/checker/utils/CheckerUtils.kt

@@ -1,29 +1,56 @@
 package org.akanework.checker.utils
 
+import android.util.Log
 import java.io.BufferedReader
 import java.io.InputStreamReader
 
 object CheckerUtils {
 
-    fun checkGnssHal(): MutableList<String> {
+    private val commandCache = mutableMapOf<String, List<String>>()
+
+    private fun executeShellCommand(command: String): List<String> {
+        // Check if the result is already cached
+        if (commandCache.containsKey(command)) {
+            return commandCache[command]!!
+        }
+
+        val outputLines = mutableListOf<String>()
+
         try {
-            val command = "lshal | grep gnss"
-            val process = Runtime.getRuntime().exec(arrayOf("sh", "-c", command))
+            val processBuilder = ProcessBuilder("sh", "-c", command)
+            val process = processBuilder.start()
             val reader = BufferedReader(InputStreamReader(process.inputStream))
+            val errorReader = BufferedReader(InputStreamReader(process.errorStream))
             var line: String?
 
-            val gnssList = mutableListOf<String>()
             while (reader.readLine().also { line = it } != null) {
-                line?.let { gnssList.add(it) }
+                line?.let { outputLines.add(it) }
             }
 
-            process.waitFor()
-            return gnssList
+            while (errorReader.readLine().also { line = it } != null) {
+                // Handle errors if needed
+            }
 
+            process.waitFor()
         } catch (e: Exception) {
             e.printStackTrace()
-            return mutableListOf()
         }
+
+        // Cache the result for future use
+        commandCache[command] = outputLines
+
+        return outputLines
     }
 
+    fun checkGnssHal(): List<String> {
+        val command = "lshal | grep gnss"
+        return executeShellCommand(command)
+    }
+
+    fun isSELinuxEnforcing(): Int {
+        val command = "lshal"
+        val output = executeShellCommand(command)
+        Log.d("TAG", output.toString())
+        return if (output.joinToString().contains(" Y ")) 1 else 0
+    }
 }

app/src/main/res/layout/main_content.xml

@@ -275,6 +275,45 @@
 
     </com.google.android.material.card.MaterialCardView>
 
+    <com.google.android.material.card.MaterialCardView
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:layout_marginStart="12dp"
+        android:layout_marginEnd="12dp"
+        android:layout_marginBottom="22dp"
+        app:cardCornerRadius="8dp">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:orientation="vertical"
+            android:paddingStart="18dp"
+            android:paddingTop="18dp"
+            android:paddingEnd="18dp"
+            android:paddingBottom="24dp">
+
+            <TextView
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginBottom="12dp"
+                android:text="@string/security"
+                android:textColor="?attr/colorOnSurface"
+                android:textFontWeight="600"
+                android:textSize="20sp" />
+
+            <TextView
+                android:id="@+id/security_selinux_state"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:textColor="?attr/colorOnSurface"
+                android:textSize="16sp"
+                android:textFontWeight="500"
+                tools:text="@string/connectivity_radio" />
+
+        </LinearLayout>
+
+    </com.google.android.material.card.MaterialCardView>
+
     <com.google.android.material.card.MaterialCardView
         android:layout_width="match_parent"
         android:layout_height="wrap_content"

app/src/main/res/values/strings.xml

@@ -28,9 +28,12 @@
     <string name="abnormalities_verified_boot_stat">Abnormalities found in Verified boot state.</string>
     <string name="abnormalities_baseband_broken">Baseband is broken.</string>
     <string name="abnormalities_gnss_hal_broken">GNSS Hal is broken.</string>
+    <string name="abnormalities_selinux_not_enforcing">SELinux is not enforcing.</string>
     <string name="github">Open-sourced under GPL-3.0.\nCopyright © AkaneTan 2023</string>
     <string name="normal_title">No abnomilities found.</string>
     <string name="normal_summary">You\'re running a sane build.</string>
     <string name="notice_title">Abnormalities found.</string>
     <string name="notice_summary">Consider reconfiguring your device tree or ROM.</string>
+    <string name="security">Security</string>
+    <string name="security_selinux_state">SELinux state</string>
 </resources>