system/core
Revision | 9b56516f197ea35bb46294da6892c5f879ba6af5 (tree) |
---|---|
Zeit | 2019-11-23 12:41:14 |
Autor | Chih-Wei Huang <cwhuang@linu...> |
Commiter | Chih-Wei Huang |
init: set default selinux mode to permissive
To support selinux enforcing mode, we still have a long way to go.
Let's set the default mode to permissive.
@@ -13,7 +13,7 @@ init_options += \ | ||
13 | 13 | else |
14 | 14 | init_options += \ |
15 | 15 | -DALLOW_LOCAL_PROP_OVERRIDE=0 \ |
16 | - -DALLOW_PERMISSIVE_SELINUX=0 \ | |
16 | + -DALLOW_PERMISSIVE_SELINUX=1 \ | |
17 | 17 | -DREBOOT_BOOTLOADER_ON_PANIC=0 \ |
18 | 18 | -DDUMP_ON_UMOUNT_FAILURE=0 |
19 | 19 | endif |
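Review bot: Setting `-DALLOW_PERMISSIVE_SELINUX=1` in this `else` branch removes the only configuration visible here in which permissive mode was compiled out. The condition selecting the branch is outside the hunk, but if it is the non-debug build variant, release images are affected as well. Combined with the new default in `selinux_status_from_cmdline()`, such a build would run with policy violations logged but not blocked unless the bootloader passes `androidboot.selinux=enforcing`. Consider leaving this branch at 0 and enabling permissive through a dedicated product-level variable instead. At minimum, add a comment above the `init_options +=` line such as `# Permissive is allowed on all variants until the policy is complete; set back to 0 for enforcing releases.`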
@@ -573,11 +573,11 @@ static void selinux_init_all_handles(void) | ||
573 | 573 | enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; |
574 | 574 | |
575 | 575 | static selinux_enforcing_status selinux_status_from_cmdline() { |
576 | - selinux_enforcing_status status = SELINUX_ENFORCING; | |
576 | + selinux_enforcing_status status = SELINUX_PERMISSIVE; | |
577 | 577 | |
578 | 578 | import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) { |
579 | - if (key == "androidboot.selinux" && value == "permissive") { | |
580 | - status = SELINUX_PERMISSIVE; | |
579 | + if (key == "androidboot.selinux" && value == "enforcing") { | |
580 | + status = SELINUX_ENFORCING; | |
581 | 581 | } |
582 | 582 | }); |
583 | 583 |
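Review bot: Initialising `status` to `SELINUX_PERMISSIVE` on new line 576 makes enforcement opt-in and fail-open. A missing `androidboot.selinux` key, or any value other than the exact string `enforcing` (a typo or different casing, say), leaves the device permissive with no indication. The lambda at new lines 579-580 no longer recognises `permissive` explicitly, so an unrecognised value cannot be told apart from an intended one. I would document the default on line 576, e.g. `// Fail-open default: enforcing only when androidboot.selinux=enforcing is on the kernel cmdline.`, and log a warning whenever the function resolves to permissive so the state shows up in boot logs. The function's return statement and its caller are outside the hunk, so how the status is consumed cannot be confirmed from here.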