Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 4838aa1b authored by Nick Kralevich's avatar Nick Kralevich
Browse files

init: allow disabling selinux via a kernel command line 

Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:

* disabled
* permissive
* enforcing

"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.

"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.

"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.

This change addresses post review comments for change
b710ed21 .

Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
parent eecf40fc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment