device/generic/common
| リビジョン | 9c64ea75860c945f9432eac9e013f0c291d9d4f6 (tree) |
|---|---|
| 日時 | 2016-08-26 02:43:36 |
| 作者 | Chih-Wei Huang <cwhuang@linu...> |
| コミッター | Chih-Wei Huang |
Enable SELinux permissive mode
SELinux can't be disabled in Android 7.0. Before we completely
define our sepolicy, we can only run the permissive mode.
BoardConfig.mk (diff) selinux_diffconfig (diff)| @@ -77,7 +77,8 @@ TARGET_HARDWARE_3D := true | ||
| 77 | 77 | BOARD_EGL_CFG ?= device/generic/common/gpu/egl_mesa.cfg |
| 78 | 78 | endif |
| 79 | 79 | |
| 80 | -BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT) | |
| 80 | +BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT) androidboot.selinux=permissive | |
| 81 | +TARGET_KERNEL_DIFFCONFIG := device/generic/common/selinux_diffconfig | |
| 81 | 82 | |
| 82 | 83 | COMPATIBILITY_ENHANCEMENT_PACKAGE := true |
| 83 | 84 | PRC_COMPATIBILITY_PACKAGE := true |
| @@ -0,0 +1,7 @@ | ||
| 1 | +CONFIG_SECURITY_PATH=y | |
| 2 | +CONFIG_SECURITY_SELINUX_BOOTPARAM=y | |
| 3 | +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 | |
| 4 | +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 | |
| 5 | +CONFIG_DEFAULT_SECURITY_SELINUX=y | |
| 6 | +# CONFIG_DEFAULT_SECURITY_DAC is not set | |
| 7 | +CONFIG_DEFAULT_SECURITY="selinux" |
Fork