Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cee683e2 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

builtins: remove setenforce command 

Adding "setenforce 0" to init.rc isn't a supported way to turn off
SELinux, and doesn't work with AOSP SELinux policy. Remove the code
from init.

Change-Id: If8c8149560789c9a7ba518a0a100e6033bb68898
parent 0a92c8c4

init/builtins.cpp

+0 −9
Original line number Diff line number Diff line
@@ -571,15 +571,6 @@ int do_setcon(int nargs, char **args) { 
    return 0;

}



int do_setenforce(int nargs, char **args) {

    if (is_selinux_enabled() <= 0)

        return 0;

    if (security_setenforce(atoi(args[1])) < 0) {

        return -errno;

    }

    return 0;

}



int do_setkey(int nargs, char **args)

{

    struct kbentry kbe;

init/init_parser.cpp

+0 −1
Original line number Diff line number Diff line
@@ -186,7 +186,6 @@ static int lookup_keyword(const char *s) 
        if (!strcmp(s, "eclabel")) return K_seclabel;

        if (!strcmp(s, "ervice")) return K_service;

        if (!strcmp(s, "etcon")) return K_setcon;

        if (!strcmp(s, "etenforce")) return K_setenforce;

        if (!strcmp(s, "etenv")) return K_setenv;

        if (!strcmp(s, "etkey")) return K_setkey;

        if (!strcmp(s, "etprop")) return K_setprop;

init/keywords.h

+0 −2
Original line number Diff line number Diff line
@@ -23,7 +23,6 @@ int do_restorecon_recursive(int nargs, char **args); 
int do_rm(int nargs, char **args);

int do_rmdir(int nargs, char **args);

int do_setcon(int nargs, char **args);

int do_setenforce(int nargs, char **args);

int do_setkey(int nargs, char **args);

int do_setprop(int nargs, char **args);

int do_setrlimit(int nargs, char **args);
@@ -84,7 +83,6 @@ enum { 
    KEYWORD(seclabel,    OPTION,  0, 0)

    KEYWORD(service,     SECTION, 0, 0)

    KEYWORD(setcon,      COMMAND, 1, do_setcon)

    KEYWORD(setenforce,  COMMAND, 1, do_setenforce)

    KEYWORD(setenv,      OPTION,  2, 0)

    KEYWORD(setkey,      COMMAND, 0, do_setkey)

    KEYWORD(setprop,     COMMAND, 2, do_setprop)

init/readme.txt

+0 −4
Original line number Diff line number Diff line
@@ -228,10 +228,6 @@ setcon <seclabel> 
   This is typically only used from early-init to set the init context

   before any other process is started.



setenforce 0|1

   Set the SELinux system-wide enforcing status.

   0 is permissive (i.e. log but do not deny), 1 is enforcing.



setkey

   TBD