system/core
Revision | 1a37095015dc0742db339897d9ba939eb5f7c50f (tree) |
---|---|
Time | 2019-11-23 12:38:21 |
Author | Chih-Wei Huang <cwhuang@linu...> |
Commiter | Chih-Wei Huang |
init: set default selinux mode to permissive
To support selinux enforcing mode, we still have a long way to go.
Let's set the default mode to permissive.
@@ -7,7 +7,7 @@ LOCAL_PATH:= $(call my-dir) | ||
7 | 7 | ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) |
8 | 8 | init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_PERMISSIVE_SELINUX=1 |
9 | 9 | else |
10 | -init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_PERMISSIVE_SELINUX=0 | |
10 | +init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_PERMISSIVE_SELINUX=1 | |
11 | 11 | endif |
12 | 12 | |
13 | 13 | init_options += -DLOG_UEVENTS=0 |
@@ -502,11 +502,11 @@ static void selinux_init_all_handles(void) | ||
502 | 502 | enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; |
503 | 503 | |
504 | 504 | static selinux_enforcing_status selinux_status_from_cmdline() { |
505 | - selinux_enforcing_status status = SELINUX_ENFORCING; | |
505 | + selinux_enforcing_status status = SELINUX_PERMISSIVE; | |
506 | 506 | |
507 | 507 | import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) { |
508 | - if (key == "androidboot.selinux" && value == "permissive") { | |
509 | - status = SELINUX_PERMISSIVE; | |
508 | + if (key == "androidboot.selinux" && value == "enforcing") { | |
509 | + status = SELINUX_ENFORCING; | |
510 | 510 | } |
511 | 511 | }); |
512 | 512 |