system/core
リビジョン | a7a032ff0e0070bb8cd51ed50d4acab0dbef0ed7 (tree) |
---|---|
日時 | 2019-11-23 16:39:21 |
作者 | Chih-Wei Huang <cwhuang@linu...> |
コミッター | Chih-Wei Huang |
init: set default selinux mode to permissive
To support selinux enforcing mode, we still have a long way to go.
Let's set the default mode to permissive.
@@ -27,7 +27,7 @@ cc_defaults { | ||
27 | 27 | "-Wno-unused-parameter", |
28 | 28 | "-Werror", |
29 | 29 | "-DALLOW_LOCAL_PROP_OVERRIDE=0", |
30 | - "-DALLOW_PERMISSIVE_SELINUX=0", | |
30 | + "-DALLOW_PERMISSIVE_SELINUX=1", | |
31 | 31 | "-DREBOOT_BOOTLOADER_ON_PANIC=0", |
32 | 32 | "-DWORLD_WRITABLE_KMSG=0", |
33 | 33 | "-DDUMP_ON_UMOUNT_FAILURE=0", |
@@ -76,12 +76,12 @@ selabel_handle* sehandle = nullptr; | ||
76 | 76 | enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; |
77 | 77 | |
78 | 78 | EnforcingStatus StatusFromCmdline() { |
79 | - EnforcingStatus status = SELINUX_ENFORCING; | |
79 | + EnforcingStatus status = SELINUX_PERMISSIVE; | |
80 | 80 | |
81 | 81 | import_kernel_cmdline(false, |
82 | 82 | [&](const std::string& key, const std::string& value, bool in_qemu) { |
83 | - if (key == "androidboot.selinux" && value == "permissive") { | |
84 | - status = SELINUX_PERMISSIVE; | |
83 | + if (key == "androidboot.selinux" && value == "enforcing") { | |
84 | + status = SELINUX_ENFORCING; | |
85 | 85 | } |
86 | 86 | }); |
87 | 87 |