device/generic/common
リビジョン | 9c64ea75860c945f9432eac9e013f0c291d9d4f6 (tree) |
---|---|
日時 | 2016-08-26 02:43:36 |
作者 | Chih-Wei Huang <cwhuang@linu...> |
コミッター | Chih-Wei Huang |
Enable SELinux permissive mode
SELinux can't be disabled in Android 7.0. Before we completely
define our sepolicy, we can only run the permissive mode.
@@ -77,7 +77,8 @@ TARGET_HARDWARE_3D := true | ||
77 | 77 | BOARD_EGL_CFG ?= device/generic/common/gpu/egl_mesa.cfg |
78 | 78 | endif |
79 | 79 | |
80 | -BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT) | |
80 | +BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT) androidboot.selinux=permissive | |
81 | +TARGET_KERNEL_DIFFCONFIG := device/generic/common/selinux_diffconfig | |
81 | 82 | |
82 | 83 | COMPATIBILITY_ENHANCEMENT_PACKAGE := true |
83 | 84 | PRC_COMPATIBILITY_PACKAGE := true |
@@ -0,0 +1,7 @@ | ||
1 | +CONFIG_SECURITY_PATH=y | |
2 | +CONFIG_SECURITY_SELINUX_BOOTPARAM=y | |
3 | +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 | |
4 | +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 | |
5 | +CONFIG_DEFAULT_SECURITY_SELINUX=y | |
6 | +# CONFIG_DEFAULT_SECURITY_DAC is not set | |
7 | +CONFIG_DEFAULT_SECURITY="selinux" |